www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Submission: On November 18 via api (November 18th 2019, 10:11:37 pm UTC) from DE

Summary HTTP 424 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 60 IPs in 8 countries across 46 domains to perform 424 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.20.59.209 104.20.59.209	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
32	104.26.12.6 104.26.12.6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
10	151.101.14.217 151.101.14.217	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:81b::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
3 9	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2606:4700:20:... 2606:4700:20::681a:18b	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	178.79.175.86 178.79.175.86	63949 (LINODE-AP...) (LINODE-AP Linode)
6	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20e... 2600:9000:20eb:8200:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
9	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2.21.36.164 2.21.36.164	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.224.196.118 13.224.196.118	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.236.131.34 54.236.131.34	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
13	172.217.22.34 172.217.22.34	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81c::2006	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2600:9000:20e... 2600:9000:20eb:d600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	13.224.199.29 13.224.199.29	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	151.101.113.194 151.101.113.194	54113 (FASTLY) (FASTLY - Fastly)
1	2600:9000:215... 2600:9000:2156:9000:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	13.225.78.17 13.225.78.17	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.225.78.52 13.225.78.52	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4 17	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
5	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.3.42.128 52.3.42.128	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	13.224.196.53 13.224.196.53	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.222.69.96 3.222.69.96	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	151.101.13.140 151.101.13.140	54113 (FASTLY) (FASTLY - Fastly)
4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
8	52.72.165.42 52.72.165.42	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
8	2606:4700:10:... 2606:4700:10::6814:9274	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	18.196.104.43 18.196.104.43	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
19	52.213.17.13 52.213.17.13	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	2a02:fa8:8806... 2a02:fa8:8806:16::1460	41041 (VCLK-EU-) (VCLK-EU-)
12	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	35.156.132.43 35.156.132.43	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
9	69.173.144.142 69.173.144.142	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
26	3.124.23.215 3.124.23.215	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
8	37.252.173.62 37.252.173.62	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
30 80	152.199.21.89 152.199.21.89	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
61	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
33	2a00:1450:400... 2a00:1450:4001:825::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
2 4	216.58.205.230 216.58.205.230	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
8	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY - Fastly)
4 4	13.225.78.106 13.225.78.106	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 5	18.194.62.191 18.194.62.191	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	104.17.120.107 104.17.120.107	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 2	172.217.16.162 172.217.16.162	15169 (GOOGLE) (GOOGLE - Google LLC)
2 3	54.229.35.82 54.229.35.82	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.48.197.20 52.48.197.20	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.28.46.116 52.28.46.116	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	213.19.147.150 213.19.147.150	26120 (RHYTHMONE) (RHYTHMONE - RhythmOne)
1 1	91.228.74.182 91.228.74.182	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-) (VCLK-EU-)
4 4	52.29.126.123 52.29.126.123	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	35.210.97.129 35.210.97.129	19527 (GOOGLE-2) (GOOGLE-2 - Google LLC)
424	60

1 104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 104.26.12.6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.14.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

cdn.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ck.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.175.86 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-178-79-175-86.london.nodebalancer.linode.com

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:8200:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.21.36.164 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-36-164.deploy.static.akamaitechnologies.com

s9.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.196.118 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-118.fra2.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.236.131.34 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-236-131-34.compute-1.amazonaws.com

core.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.217.22.34 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ff.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:d600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.224.199.29 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-199-29.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:9000:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.17 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-17.fra2.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.52 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-52.fra2.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 34.95.120.147 (United States) 4 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

connatix-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
freestar-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.226.36.58 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.3.42.128 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-3-42-128.compute-1.amazonaws.com

trk.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.196.53 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-53.fra2.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.69.96 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-222-69-96.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.72.165.42 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-72-165-42.compute-1.amazonaws.com

mantodea.mantisadnetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6814:9274 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

i.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.196.104.43 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-104-43.eu-central-1.compute.amazonaws.com

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 52.213.17.13 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:fa8:8806:16::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.156.132.43 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-156-132-43.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.142 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 3.124.23.215 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.173.62 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

80 152.199.21.89 (United States) 30 redirects

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:825::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.205.230 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f230.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.180 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.225.78.106 (Seattle, United States) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-106.fra2.r.cloudfront.net

ib.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.194.62.191 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-62-191.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.120.107 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.162 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.229.35.82 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-229-35-82.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.197.20 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-48-197-20.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.46.116 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-28-46-116.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.150 (United Kingdom) 1 redirects

ASN26120 (RHYTHMONE - RhythmOne, LLC, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.182 (United Kingdom) 1 redirects

ASN27281 (QUANTCAST - Quantcast Corporation, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Sweden)

ASN41041 (VCLK-EU-, SE)

aol-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.29.126.123 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-126-123.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.210.97.129 (Mountain View, United States) 1 redirects

ASN19527 (GOOGLE-2 - Google LLC, US)
PTR: 129.97.210.35.bc.googleusercontent.com

tag.clrstm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	advertising.com 30 redirects adserver-us.adtech.advertising.com pixel.advertising.com	27 KB
65	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	549 KB
33	ampproject.org cdn.ampproject.org	954 KB
32	bleepstatic.com www.bleepstatic.com	436 KB
26	sharethrough.com btlr.sharethrough.com	4 KB
24	doubleclick.net 4 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net ff.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net	204 KB
21	gumgum.com g2.gumgum.com rtb.gumgum.com	10 KB
17	openx.net 4 redirects connatix-d.openx.net us-u.openx.net Failed freestar-d.openx.net eu-u.openx.net	3 KB
16	adnxs.com ib.adnxs.com acdn.adnxs.com	8 KB
13	3lift.com 5 redirects tlx.3lift.com ib.3lift.com eb2.3lift.com	4 KB
12	districtm.io dmx.districtm.io cdn.districtm.io	1 KB
12	connatix.com cdn.connatix.com cdns.connatix.com ck.connatix.com core.connatix.com i.connatix.com trk.connatix.com	409 KB
11	google.com 3 redirects www.google.com cse.google.com adservice.google.com	2 KB
10	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	19 KB
10	pub.network a.pub.network d.pub.network c.pub.network	236 KB
8	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	12 KB
8	connectad.io i.connectad.io cdn.connectad.io	1 KB
8	mantisadnetwork.com mantodea.mantisadnetwork.com	1 KB
6	amazon-adsystem.com c.amazon-adsystem.com	29 KB
6	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org vendorlist.consensu.org api.quantcast.mgr.consensu.org audit.quantcast.mgr.consensu.org	136 KB
6	gstatic.com fonts.gstatic.com	65 KB
5	dotomi.com web.hb.ad.cpe.dotomi.com aol-match.dotomi.com	2 KB
4	bidswitch.net 4 redirects x.bidswitch.net	2 KB
4	casalemedia.com as-sec.casalemedia.com	3 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	brealtime.com biddr.brealtime.com
3	emxdgt.com hb.emxdgt.com	948 B
3	googletagservices.com www.googletagservices.com	73 KB
3	addthis.com s9.addthis.com s7.addthis.com	189 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	reddit.com www.reddit.com	3 KB
2	facebook.com graph.facebook.com	1023 B
2	ad-delivery.net ad-delivery.net	1 KB
2	fastly.net confiant-integrations.global.ssl.fastly.net	75 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	clrstm.com 1 redirects tag.clrstm.com	355 B
1	quantserve.com 1 redirects pixel.quantserve.com	685 B
1	1rx.io 1 redirects sync.1rx.io	305 B
1	cdnjquery.com cluster-na.cdnjquery.com	356 B
1	addthisedge.com v1.addthisedge.com	924 B
1	moatads.com z.moatads.com	1 KB
1	videoplayerhub.com freestar-io.videoplayerhub.com	29 KB
1	google.de adservice.google.de	171 B
1	analysis.fi ecdn.analysis.fi	1 KB
1	googletagmanager.com www.googletagmanager.com	27 KB
1	bleepingcomputer.com www.bleepingcomputer.com	15 KB
424	46

	Domain	Requested by
80	adserver-us.adtech.advertising.com	30 redirects a.pub.network
61	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.bleepingcomputer.com cdn.ampproject.org
33	cdn.ampproject.org	securepubads.g.doubleclick.net
32	www.bleepstatic.com	www.bleepingcomputer.com cdn.connatix.com www.bleepstatic.com www.google-analytics.com
26	btlr.sharethrough.com	a.pub.network
17	g2.gumgum.com	a.pub.network
13	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.bleepingcomputer.com
9	fastlane.rubiconproject.com	a.pub.network
9	www.google.com	3 redirects www.bleepingcomputer.com
8	acdn.adnxs.com	a.pub.network
8	ib.adnxs.com	a.pub.network
8	dmx.districtm.io	a.pub.network
8	mantodea.mantisadnetwork.com	a.pub.network
7	connatix-d.openx.net	2 redirects cdns.connatix.com
7	i.connatix.com	www.bleepingcomputer.com
6	eu-u.openx.net	2 redirects a.pub.network
6	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
6	fonts.gstatic.com	cdn.connatix.com www.bleepstatic.com www.bleepingcomputer.com
5	eb2.3lift.com	1 redirects a.pub.network
5	c.pub.network	a.pub.network
4	x.bidswitch.net	4 redirects
4	rtb.gumgum.com	a.pub.network
4	cdn.connectad.io	a.pub.network
4	ib.3lift.com	4 redirects
4	ads.pubmatic.com	a.pub.network
4	cdn.districtm.io	a.pub.network
4	ad.doubleclick.net	2 redirects www.bleepingcomputer.com
4	hbopenbid.pubmatic.com	a.pub.network
4	tlx.3lift.com	a.pub.network
4	web.hb.ad.cpe.dotomi.com	a.pub.network
4	i.connectad.io	a.pub.network
4	as-sec.casalemedia.com	a.pub.network
4	freestar-d.openx.net	a.pub.network
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.bleepingcomputer.com
4	pagead2.googlesyndication.com	www.bleepingcomputer.com pagead2.googlesyndication.com
3	match.adsrvr.org	2 redirects
3	biddr.brealtime.com	a.pub.network
3	hb.emxdgt.com	a.pub.network
3	www.googletagservices.com	a.pub.network pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	d.pub.network	a.pub.network
3	fonts.googleapis.com	www.bleepingcomputer.com securepubads.g.doubleclick.net
2	pixel.advertising.com
2	cm.g.doubleclick.net	2 redirects
2	www.reddit.com	s9.addthis.com
2	graph.facebook.com	s9.addthis.com
2	ad-delivery.net	freestar-io.videoplayerhub.com
2	confiant-integrations.global.ssl.fastly.net	a.pub.network confiant-integrations.global.ssl.fastly.net
2	s7.addthis.com	s9.addthis.com
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	a.pub.network	www.bleepingcomputer.com a.pub.network
1	tag.clrstm.com	1 redirects
1	aol-match.dotomi.com
1	pixel.quantserve.com	1 redirects
1	sync.1rx.io	1 redirects
1	eus.rubiconproject.com	a.pub.network
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	audit.quantcast.mgr.consensu.org	static.quantcast.mgr.consensu.org
1	trk.connatix.com
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	vendorlist.consensu.org	quantcast.mgr.consensu.org
1	ff.doubleclick.net	www.googletagservices.com
1	v1.addthisedge.com	s9.addthis.com
1	z.moatads.com	s9.addthis.com
1	core.connatix.com	cdns.connatix.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	ck.connatix.com	cdns.connatix.com
1	s9.addthis.com	www.bleepingcomputer.com
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	cdns.connatix.com	cdn.connatix.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	cse.google.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
1	cdn.connatix.com	www.bleepingcomputer.com
1	www.bleepingcomputer.com
0	us-u.openx.net Failed
424	78

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
deals.bleepingcomputer.com
connatix.com
id-ransomware.malwarehunterteam.com
www.virustotal.com
help.nextcloud.com
github.com
nextcloud.com

Subject Issuer	Validity	Valid
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
j3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-11-15` - `2020-09-16`	10 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.analysis.fi Sectigo RSA Domain Validation Secure Server CA	`2019-06-13` - `2020-06-12`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.videoplayerhub.com Amazon	`2019-07-18` - `2020-08-18`	a year	crt.sh
*.connatix.com Amazon	`2019-10-19` - `2020-11-19`	a year	crt.sh
moatads.com DigiCert ECC Secure Server CA	`2018-11-10` - `2020-02-09`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-01-02` - `2020-01-03`	a year	crt.sh
vendorlist.consensu.org Amazon	`2019-03-06` - `2020-04-06`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.assetbucket.net Amazon	`2019-09-11` - `2020-10-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.mantisadnetwork.com Amazon	`2019-04-21` - `2020-05-21`	a year	crt.sh
connectad.io CloudFlare Inc ECC CA-2	`2019-07-18` - `2020-07-17`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2019-07-17` - `2020-07-17`	a year	crt.sh
*.gumgum.com Amazon	`2019-07-31` - `2020-08-31`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign Organization Validation CA - SHA256 - G2	`2018-05-25` - `2020-05-25`	2 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2019-03-26` - `2020-03-26`	a year	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 High Assurance Server CA	`2018-05-22` - `2020-05-26`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-16` - `2020-05-16`	a year	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2017-03-22` - `2020-03-22`	3 years	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2017-06-14` - `2020-06-18`	3 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh

This page contains 51 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Frame ID: 51E910B74B3DE6B07CE35B98054F700A
Requests: 261 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Frame ID: 08C2B9D3CE94D41D817F3A05C686B7B7
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20191114/r20190131/zrt_lookup.html
Frame ID: 03B1F9B723489E6155939AF1C0A7D8DE
Requests: 1 HTTP requests in this frame

Frame: https://ff.doubleclick.net/tag/js/fetch_frame_2019111401.html
Frame ID: 17F75F8761EDEDA5D67A0F2F145704E4
Requests: 1 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v27/cmp-3pc-check.html
Frame ID: 38FB92F1CF3199D3641F5D39FF0D7484
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1574088903&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1574115074780&bpp=3&bdt=369&fdt=111&idt=111&shv=r20191114&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=1002568951014&frm=20&pv=2&ga_vid=820536483.1574115075&ga_sid=1574115075&ga_hid=2017160151&ga_fc=0&iag=0&icsg=43980476129280&dssz=46&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=3946086092703932&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=124
Frame ID: C8E6B05B872F365BE89A9E735AC300BE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: DA4B7FFB7941C8B748A005F832B1DE5D
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: DAD93C893BCF4D2E09A8C766D33584BE
Requests: 40 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: 636B78736D6EF6D8B777A7F76D98A851
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGytuSiAHZvBF4ukujF_cfwh1lIxPq_ivy9ltO-5WfmHGW31hdaBOIPt-RCgkHqs1BJeMNmAwxMZl6KxgDaAT7mrmc2Vz8VLJXWHOmYe7jvOwcDRgQCaVo-0AhI5KuYWIw_v91udYgU-kDUWCd77RQrANJOiHLI_XJwipPB0YYhXqoDl9t7IrJZePSc-VccTdZSDv2LzakPFZmTfMPK5BTH0HNgPTVjpliak5yWQkWP4Y8m8C6wGXY01K7UBaz74XXacXZFm7UXBQ2rCGTwbFf1fCBAQqAgbWI&sig=Cg0ArKJSzBA18i_rBEwJEAE&urlfix=1&adurl=
Frame ID: 66F7E166A8A118B664B68795C7F77269
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: CF824E1E0F0AD72D1639C77E48F7C754
Requests: 12 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: 9611CC7D6B1D8C8A47A4E1328F569A8F
Requests: 24 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: 5D2309E0F6AE288EBC8A317ACE075A0B
Requests: 12 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: E8AFBD2B6ECC822F60BFA29F1939A8C3
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 47EF32929E8543AF6E110B1E8317E5A7
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 7F9F232002C3ED9FB7374588F1DADCEF
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 8D096241CDF0BB8AB58ADDB40376B913
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 7701C92241F80B055F11A8789CAA4C80
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: B18E8487055620CAA2168A474004B03A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 180ACECA42C17C6A5D1C514B2A6415C1
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: D342CE78B9E617ADE381B7D1AB3D7AB9
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 18B13AFA6FB94A16C477C24F01E89202
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: C548976947395B8F0E6AD48154B806E3
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115077869&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Frame ID: B9D1C7CBAFA7EC2C1646247F73B59C4D
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115077904&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Frame ID: 21F5531B0D04565C0A91DC4594092EC4
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 2C2DD0A2BC9E54229488CA5ABA178102
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: E3761558DE915AA299CB438BFB3FE257
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 92B6EF80F3C836F875BE40181542E0A6
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: A68E77BE5A6F178B010EE1CE35E65F34
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: E592F738587F3F089CB8E254BCE900F1
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: ACECDEF803063AC2AAA7D08EFD5F4869
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 9205B34420C2A3C78C3808E2E8733A2F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 8D0D07373977FB7F846DC9DF68AF208C
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 0AD15E0DFBFA5C53933A5028C77A5D86
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: D822702A4A8DA33E231952B8BB4306C2
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=gdv&i=CAESEPqHSTEoLkklTHfZHMTPiMA&google_cver=1
Frame ID: 0E6F8BEB58839E9F021C4E40D510F25E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 49B4522AA1CB095575CFDE6A9650E231
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 7511003D036852C5E9BB23884B6B3475
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115076554&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Frame ID: 443B7C0ED1CE895C2E797973F7B559CC
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 0874649928E61E039F0D35A91F80B46B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: EB784E2C0A0BA520DCAB02EAC7DE0148
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 71DB462C7327187A30F96F6D48A8F92E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: C1F6F8B8680DD734299BD540C3102FD9
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: DB2017C28095311ED27EA041709E9857
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: D938AA4089BF3221D9E89E16D9BAF8E3
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 6C7DDD26E03D475AF282D4B8FD622FF2
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=1668e2b6-968a-469a-9ca3-41fc372a426b&t=1576707083
Frame ID: 49A348088B5AC7D6609C96C11FDEBC76
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 5A973E9860542A6897828DF00D0FF9D9
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115077397&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Frame ID: 4AD41F46EE57217DB3D9FA3D2A3F9712
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 7846CBBBD19A91A33FC0B0C0AE6791BD
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 8E7C10BBF9B6F875F596D5497972A653
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

424
Requests

100 %
HTTPS

29 %
IPv6

46
Domains

78
Subdomains

60
IPs

8
Countries

3546 kB
Transfer

9565 kB
Size

16
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/BleepingComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/BleepinComputer

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BleepingComputer

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/
Title: Deals

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/elearning?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: eLearning

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/certifications?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: IT Certification Courses

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/gear-gadgets?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Gear + Gadgets

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/collections/tag-cyber-security?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Security

Search URL Search Domain Scan URL

URL: https://connatix.com/
Title: .st0{fill:#FFFFFF;}.st1{fill:#0099FF;}

Search URL Search Domain Scan URL

URL: https://twitter.com/demonslay335
Title: Michael Gillespie

Search URL Search Domain Scan URL

URL: https://id-ransomware.malwarehunterteam.com/
Title: ID Ransomware

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/027d5f87ab71044a4bbac469b6a3bf5e02571c4661939699d9050a4300d10230/detection
Title: detects

Search URL Search Domain Scan URL

URL: https://help.nextcloud.com/t/nextcry-encrypted-all-files-through-my-instance/64154
Title: posted

Search URL Search Domain Scan URL

URL: https://help.nextcloud.com/t/urgent-security-issue-in-nginx-php-fpm/62665
Title: urgent alert

Search URL Search Domain Scan URL

URL: https://github.com/neex/phuip-fpizdam
Title: public exploit

Search URL Search Domain Scan URL

URL: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
Title: issued an advisory on

Search URL Search Domain Scan URL

URL: https://twitter.com/Ionut_Ilascu

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request Chain 88

https://connatix-d.openx.net/v/1.0/av?auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412fc4ffa28a1574115075148&vwd=834&vht=469&gdpr=1&gdpr_consent=0 HTTP 302
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412fc4ffa28a1574115075148&vwd=834&vht=469&gdpr=1&gdpr_consent=0

Request Chain 91

https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412fc4ffa28a1574115075148&vwd=834&vht=469&gdpr=1&gdpr_consent=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJjU-cNoS5Ekq-m9u7zbte0&google_cver=1

Request Chain 149

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285

Request Chain 150

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285

Request Chain 151

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285

Request Chain 152

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285

Request Chain 153

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285

Request Chain 154

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285

Request Chain 155

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285

Request Chain 156

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285

Request Chain 157

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285

Request Chain 158

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285

Request Chain 159

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285

Request Chain 160

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285

Request Chain 161

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285

Request Chain 167

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285

Request Chain 168

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285

Request Chain 169

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285

Request Chain 170

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285

Request Chain 171

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285

Request Chain 172

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285

Request Chain 173

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285

Request Chain 174

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285

Request Chain 175

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285

Request Chain 176

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285

Request Chain 177

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285

Request Chain 215

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258

Request Chain 216

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258

Request Chain 217

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258

Request Chain 268

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258

Request Chain 269

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258

Request Chain 270

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258

Request Chain 274

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 292

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 347

https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CKbZydDj9OUCFciqdwodrf4A2A;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 384

https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CP6R5tDj9OUCFYoHiwodqHQBtw;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 392

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

Request Chain 394

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

Request Chain 395

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 410

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync

Request Chain 412

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_cm&google_sc&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_cm=&google_sc=&google_dbm=&google_tc= HTTP 302
https://rtb.gumgum.com/usersync?b=gdv&i=CAESEPqHSTEoLkklTHfZHMTPiMA&google_cver=1

Request Chain 421

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync

Request Chain 423

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=1668e2b6-968a-469a-9ca3-41fc372a426b&t=1576707083

Request Chain 426

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync

Request Chain 429

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT

Request Chain 430

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=UHbgN1QltGZIKrwzACOpMAEl4TJIcbZgXHPRo_lS

Request Chain 433

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_405608e2-274d-401f-8e20-68e4cd507c78&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_405608e2-274d-401f-8e20-68e4cd507c78&gdpr=0&gdpr_consent= HTTP 302
https://tag.clrstm.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=26&expires=6&user_id=&user_group=0&ssp=gumgum2 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=26&expires=6&user_id=&user_group=0&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=1e45ec3a-c4ec-4320-9fd8-372bbdb7b245

424 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/ 68 KB
15 KB 668ms
646ms Document
text/html 104.20.59.209
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d69f960425d48e2e99b1c9bd062ecea7aed3e49143587b9e2905ed91fd1e6b77

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:14 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dda31174669caa8bb4e9ea2d098cb035b1574115073; expires=Tue, 17-Nov-20 22:11:13 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; Secure session_id=2a03b8f3d612dda7d79f4ba02a6be07b; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=7222; expires=Wed, 18-Dec-2019 22:11:14 GMT; Max-Age=2592000; path=/;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
last-modified: Mon, 18 Nov 2019 14:55:03 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 537d476b0c49c2b8-FRA
content-encoding: br

GET
H2 200 css
fonts.googleapis.com/ 14 KB
908 B 20ms
18ms Stylesheet
text/css 2a00:1450:4001:825::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

d229886fc63edf6b95865ad6a9e90b589ca7585d2203bc61b69f73f61f746830

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 18 Nov 2019 22:11:14 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 18 Nov 2019 22:11:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H2 200 bootstrap.css
www.bleepstatic.com/css/redesign/ 111 KB
17 KB 51ms
20ms Stylesheet
text/css 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 1488041
cf-polished: origSize=137522
status: 200
cf-bgj: minify
last-modified: Fri, 23 Sep 2016 14:33:06 GMT
server: cloudflare
etag: W/"2184297232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476f5924cbac-VIE
expires: Fri, 01 Nov 2019 16:48:04 GMT

GET
H2 200 main.css
www.bleepstatic.com/css/redesign/ 51 KB
9 KB 52ms
22ms Stylesheet
text/css 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 1418519
cf-polished: origSize=60842
status: 200
cf-bgj: minify
last-modified: Thu, 16 Aug 2018 15:28:40 GMT
server: cloudflare
etag: W/"4249134023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476f5925cbac-VIE
expires: Sat, 02 Nov 2019 12:08:26 GMT

GET
H2 200 home.css
www.bleepstatic.com/css/redesign/ 12 KB
3 KB 62ms
32ms Stylesheet
text/css 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/home.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 2332490
cf-polished: origSize=14998
status: 200
cf-bgj: minify
last-modified: Sat, 24 Mar 2018 16:18:00 GMT
server: cloudflare
etag: W/"2402535603"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476f5928cbac-VIE
expires: Tue, 26 Nov 2019 22:16:24 GMT

GET
H2 200 news.css
www.bleepstatic.com/css/redesign/ 27 KB
5 KB 50ms
20ms Stylesheet
text/css 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/news.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c237e0ee4bb4f57215b8ea2c46b4c70b62bfdc6753cc019971ded30e06c96246

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 2677128
cf-polished: origSize=32759
status: 200
cf-bgj: minify
last-modified: Fri, 09 Aug 2019 18:26:37 GMT
server: cloudflare
etag: W/"3737855504"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476f5929cbac-VIE
expires: Fri, 22 Nov 2019 22:32:26 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
www.bleepstatic.com/js/redesign/ 94 KB
32 KB 53ms
22ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 12:36:44 GMT
server: cloudflare
age: 2677495
etag: W/"3647451394"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 537d476f592acbac-VIE
access-control-allow-origin: *
expires: Fri, 22 Nov 2019 22:26:19 GMT

GET
H2 200 news.js Show response
www.bleepstatic.com/js/redesign/ 183 B
524 B 50ms
20ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/news.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 2677128
cf-polished: origSize=247
status: 200
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 15:41:46 GMT
server: cloudflare
etag: W/"4218930423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476f592ccbac-VIE
expires: Fri, 22 Nov 2019 22:32:25 GMT

GET
H2 200 connatix.renderer.infeed.min.js Show response
cdn.connatix.com/min/ 957 B
1 KB 6ms
5ms Script
application/javascript 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: 6adc8ebdb9b6e73c368eeca44a27060c57b732dd078c35e2e0a2f5231a370b86

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
content-type: application/javascript
status: 200
x-referer-host: bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1574115074.417673,VS0,VE0
content-length: 957
retry-after: 0
x-served-by: cache-fra19157-FRA

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
1 KB 16ms
15ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 1522239
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476f7971cbac-VIE
expires: Thu, 31 Oct 2019 14:44:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:81b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b13f6d987079baa82ce2d1466ff5f122221b0bde544130a515f041c0a781acb3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
last-modified: Mon, 18 Nov 2019 21:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27625
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H2 200 logo.png
www.bleepstatic.com/images/site/ 1 KB
1 KB 19ms
19ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 430459
cf-polished: origFmt=png, origSize=1882
status: 200
content-disposition: inline; filename="logo.webp"
cf-bgj: imgq:85
content-length: 1152
last-modified: Sat, 04 Mar 2017 04:12:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476f99cecbac-VIE
expires: Fri, 13 Dec 2019 22:36:55 GMT

GET
H2

200

brand Show response
cse.google.com/coop/cse/
Redirect Chain

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

3 KB
2 KB

19ms
6ms

Script
text/javascript

2a00:1450:4001:824::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

pfe /

Resource Hash

4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: pfe
age: 1
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1181
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:41:13 GMT

Redirect headers

date: Mon, 18 Nov 2019 22:11:14 GMT
x-content-type-options: nosniff
server: sffe
location: https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 266
x-xss-protection: 0

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 437 KB
116 KB 58ms
28ms Script
application/javascript 2606:4700:20::681a:18b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611991a401230a6899ba518b2fd29f5065c84bfe0ca27eecebb76569c84b45ac

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 37
status: 200
x-guploader-uploadid: AEnB2UrFPqWz8OQTGTKHDXpp3LBTJZywdo2sILe7KXkvkvYTdvuW0tKOuU4e-UewpZEfFzGaL8kEDHzCIyQlxoIdLFiF_u8h1w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Wed, 13 Nov 2019 21:57:22 GMT
server: cloudflare
etag: W/"9a29204d206bb167c002af3c09b1d0dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=qY/duQ==, md5=mikgTSBrsWfAAq88CbHQ3A==
content-type: application/javascript
x-goog-generation: 1573682242619274
cache-control: public, max-age=1800
x-goog-stored-content-length: 447029
cf-ray: 537d476fc8a28ca4-VIE
expires: Mon, 18 Nov 2019 22:11:37 GMT

GET
H/1.1 200
OK fab.js Show response
ecdn.analysis.fi/static/js/ 2 KB
1 KB 91ms
23ms Script
application/javascript 178.79.175.86
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.79.175.86 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: nb-178-79-175-86.london.nodebalancer.linode.com
Software: nginx/1.12.2 /
Resource Hash: a00d8ffa45611c04d84361ae0d37d38da8be0e11dfde738f4142a97f32b752eb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 22:12:42 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jul 2015 00:00:00 GMT
Server: nginx/1.12.2
ETag: "55a5a280-390"
Content-Type: application/javascript
Cache-Control: max-age=3600
Connection: close
Content-Length: 912
Expires: Mon, 18 Nov 2019 23:12:42 GMT

GET
H2 200 login_bg.png
www.bleepstatic.com/images/site/ 126 B
288 B 26ms
26ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login_bg.png
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 4072
cf-polished: origFmt=png, origSize=187
status: 200
content-disposition: inline; filename="login_bg.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fa9f0cbac-VIE
expires: Sun, 17 Nov 2019 22:32:26 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 12 Nov 2019 15:22:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 542945
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Wed, 11 Nov 2020 15:22:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 12 Nov 2019 15:22:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 542946
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11020
x-xss-protection: 0
expires: Wed, 11 Nov 2020 15:22:08 GMT

GET
H2 200 connatix.renderer.infeed.min_dc.js Show response
cdns.connatix.com/p/1810/min/ Frame 08C2 720 KB
187 KB 6ms
6ms Script
application/x-javascript 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 1f4113e33fc5026c3656072979d3684273bacfcb1fbf585d60f312ba525c7f3c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
age: 5985
x-cache: HIT, HIT
status: 200
content-length: 191398
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17732-DCA, cache-fra19157-FRA
last-modified: Mon, 18 Nov 2019 20:29:10 GMT
x-timer: S1574115075.501203,VS0,VE0
etag: "dbdb76c1ee995c4555960e14cd5eec19"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 436

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 213 KB
58 KB 173ms
10ms Script
text/javascript 2600:9000:20eb:8200:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:8200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ff1e65d5292ac70fa0ceaf87d04313c975d6299e212e0274d3d0362b218ccab8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:08:17 GMT
content-encoding: gzip
last-modified: Mon, 18 Nov 2019 19:20:12 GMT
server: AmazonS3
age: 177
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: LUDI917OGpRrovpg0qhMCuGGHzka88j2c4uOefh-PyrFK2ziiIykBQ==
via: 1.1 172e63b20fb363ed969de28ae3937e21.cloudfront.net (CloudFront)

GET
H2 200 nav_bg.png
www.bleepstatic.com/images/site/ 72 B
328 B 17ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/nav_bg.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 435606
cf-polished: origFmt=png, origSize=83
status: 200
content-disposition: inline; filename="nav_bg.webp"
cf-bgj: imgq:85
content-length: 72
last-modified: Sat, 04 Mar 2017 07:57:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fba32cbac-VIE
expires: Fri, 13 Dec 2019 21:11:08 GMT

GET
H2 200 20x20-printer.png
www.bleepstatic.com/images/site/ 422 B
616 B 15ms
15ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 433927
cf-polished: origFmt=png, origSize=824
status: 200
content-disposition: inline; filename="20x20-printer.webp"
cf-bgj: imgq:85
content-length: 422
last-modified: Sat, 03 Oct 2015 03:18:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fba34cbac-VIE
expires: Fri, 13 Dec 2019 21:39:07 GMT

GET
H2 200 calendar.png
www.bleepstatic.com/images/site/ 86 B
226 B 21ms
21ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/calendar.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 1642559
cf-polished: origFmt=png, origSize=129
status: 200
content-disposition: inline; filename="calendar.webp"
cf-bgj: imgq:85
content-length: 86
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fba35cbac-VIE
expires: Fri, 29 Nov 2019 21:55:14 GMT

GET
H2 200 clock.png
www.bleepstatic.com/images/site/ 252 B
413 B 17ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/clock.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 435660
cf-polished: origFmt=png, origSize=1316
status: 200
content-disposition: inline; filename="clock.webp"
cf-bgj: imgq:85
content-length: 252
last-modified: Fri, 29 May 2015 07:08:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fba36cbac-VIE
expires: Fri, 13 Dec 2019 21:10:14 GMT

GET
H2 200 comment-light.png
www.bleepstatic.com/images/site/ 96 B
261 B 19ms
19ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/comment-light.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 2182
cf-polished: origFmt=png, origSize=1034
status: 200
content-disposition: inline; filename="comment-light.webp"
cf-bgj: imgq:85
content-length: 96
last-modified: Fri, 29 May 2015 07:08:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fba38cbac-VIE
expires: Sun, 17 Nov 2019 22:27:17 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 12 Nov 2019 15:22:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 542952
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 0
expires: Wed, 11 Nov 2020 15:22:02 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 5857
date: Mon, 18 Nov 2019 20:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 18 Nov 2019 22:33:37 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 103 KB
37 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

62ccbd973c8b54064522b36436e7a9316b4aff53d3bab6c53aa13977c4e3924b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37562
x-xss-protection: 0
server: cafe
etag: 11784735568706028645
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H2 200 twitter.png
www.bleepstatic.com/images/site/login/ 282 B
422 B 17ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login/twitter.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 671731
cf-polished: origFmt=png, origSize=475
status: 200
content-disposition: inline; filename="twitter.webp"
cf-bgj: imgq:85
content-length: 282
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d476fda94cbac-VIE
expires: Wed, 11 Dec 2019 03:35:43 GMT

GET
H2 200 bootstrap.js Show response
www.bleepstatic.com/js/redesign/ 44 KB
10 KB 19ms
18ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 2677128
cf-polished: origSize=65813
status: 200
cf-bgj: minify
last-modified: Thu, 23 Apr 2015 12:36:43 GMT
server: cloudflare
etag: W/"3930092018"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476fea9acbac-VIE
expires: Fri, 22 Nov 2019 22:32:26 GMT

GET
H2 200 blazy.min.js Show response
www.bleepstatic.com/js/blazy/ 5 KB
2 KB 17ms
16ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Aug 2018 21:06:19 GMT
server: cloudflare
age: 2677128
etag: W/"753357888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 537d476fea97cbac-VIE
access-control-allow-origin: *
expires: Fri, 22 Nov 2019 22:32:26 GMT

GET
H2 200 bleep.js Show response
www.bleepstatic.com/js/redesign/ 3 KB
779 B 17ms
16ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bleep.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 1664464
cf-polished: origSize=3600
status: 200
cf-bgj: minify
last-modified: Mon, 01 Oct 2018 12:47:57 GMT
server: cloudflare
etag: W/"2696894447"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476fea9bcbac-VIE
expires: Wed, 30 Oct 2019 15:49:59 GMT

GET
H2 200 jquery.fancybox.js Show response
www.bleepstatic.com/js/redesign/fancybox/ 31 KB
9 KB 18ms
17ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 1955891
cf-polished: origSize=48706
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"327140449"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d476fea9ccbac-VIE
expires: Sun, 27 Oct 2019 06:52:21 GMT

GET
H2 200 fixto.min.js Show response
www.bleepstatic.com/js/fixto/ 8 KB
3 KB 17ms
17ms Script
text/javascript 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2015 21:34:42 GMT
server: cloudflare
age: 1848735
etag: W/"1740214911"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 537d476fea99cbac-VIE
access-control-allow-origin: *
expires: Mon, 28 Oct 2019 12:38:16 GMT

GET
H2 200 addthis_widget.js Show response
s9.addthis.com/js/300/ 349 KB
113 KB 27ms
7ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s9.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 30 Oct 2019 19:35:04 GMT
server: nginx/1.15.8
etag: "5db9e5e8-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Mon, 18 Nov 2019 22:11:14 GMT
x-host: s9.addthis.com
content-length: 114924

GET
H2 200 g Show response
ck.connatix.com/ 46 B
184 B 6ms
6ms Script
text/plain 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://ck.connatix.com/g?callback=cnxJSONP_e6bf03ad82f844b3ecaa1574115074565
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: 227acfc5e607ff74710a354e50b077514be9e0a5d9b8567318d6fbc235817309

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1574115075.569427,VS0,VE0
content-length: 46
retry-after: 0
x-served-by: cache-fra19157-FRA

GET
H2 200 32x32-printer.png
www.bleepstatic.com/images/site/ 256 B
438 B 17ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 432664
cf-polished: origFmt=png, origSize=618
status: 200
content-disposition: inline; filename="32x32-printer.webp"
cf-bgj: imgq:85
content-length: 256
last-modified: Fri, 02 Oct 2015 21:57:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d47704b98cbac-VIE
expires: Fri, 13 Dec 2019 22:00:10 GMT

GET
H2 200 f6ed52794113bed991ef57a9029d9e70.jpg
www.bleepstatic.com/author/photos/ 7 KB
7 KB 16ms
16ms Image
image/jpeg 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/author/photos/f6ed52794113bed991ef57a9029d9e70.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a509d1a27925c55941c12295939a802c93dab63358ab8dc1d7749bd1759162a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 3942
cf-polished: degrade=85, origSize=52423, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 7025
last-modified: Wed, 08 Aug 2018 21:58:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d47704b99cbac-VIE
expires: Sun, 17 Nov 2019 22:26:20 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 30 Oct 2019 03:17:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1709613
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Thu, 29 Oct 2020 03:17:41 GMT

GET
H2 200 h4-bg.png
www.bleepstatic.com/images/site/ 38 B
200 B 16ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/h4-bg.png
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 2338854
cf-polished: origFmt=png, origSize=72
status: 200
content-disposition: inline; filename="h4-bg.webp"
cf-bgj: imgq:85
content-length: 38
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d47706bc3cbac-VIE
expires: Thu, 21 Nov 2019 20:30:20 GMT

GET
H2 200 news_email_icon.png
www.bleepstatic.com/images/site/ 126 B
294 B 17ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer: https://www.bleepstatic.com/css/redesign/home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 943408
cf-polished: origFmt=png, origSize=1105
status: 200
content-disposition: inline; filename="news_email_icon.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Fri, 29 May 2015 07:10:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d47706bc5cbac-VIE
expires: Sun, 08 Dec 2019 00:07:46 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
106 B 13ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=2017160151&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ul=en-us&de=UTF-8&dt=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1010202844&gjid=395197095&cid=820536483.1574115075&tid=UA-91740-1&_gid=618912159.1574115075&_r=1&gtm=2ouav3&z=1352639206

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 news_footer_icon.png
www.bleepstatic.com/images/site/ 110 B
256 B 18ms
18ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 436753
cf-polished: origFmt=png, origSize=186
status: 200
content-disposition: inline; filename="news_footer_icon.webp"
cf-bgj: imgq:85
content-length: 110
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d47707c11cbac-VIE
expires: Fri, 13 Dec 2019 20:52:01 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 16ms
16ms Script
application/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/ 240 KB
88 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

9abb9e299ab0f7c2c00c20f0d5858358ffa1e7a9f835bab1798c769ff3b22777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 90016
x-xss-protection: 0
server: cafe
etag: 16514268273887163252
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20191114/r20190131/ Frame 03B1 0
0 6ms
6ms Document
text/html 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20191114/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20191114/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 14 Nov 2019 16:58:53 GMT
expires: Thu, 28 Nov 2019 16:58:53 GMT
content-type: text/html; charset=UTF-8
etag: 9688732929695215001
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 6504
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 364341
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
527 B 449ms
110ms XHR
text/plain 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: e091301839570837429f7cf22c35799e7261b65793a20c1b3eae043c0799be85

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:15 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 51 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4a65ee9f9bb56d5ae0a40fed4c51bcfa2e33dd244b8221db873712907b155812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "341 / 26 of 1000 / last-modified: 1574096821"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15656
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 126 KB
29 KB 23ms
6ms Script
application/javascript 13.224.196.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.118 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-196-118.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 508f57e009bf7d62aa472b71e48b2ab791af50566809d85232b9ec85f9b2f41b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: fX8_TLJ1n6JEwET1BL1OifloG7knfx7W
Content-Encoding: gzip
Last-Modified: Mon, 18 Nov 2019 21:15:39 GMT
Server: AmazonS3
Age: 37
Date: Mon, 18 Nov 2019 22:10:40 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2-C1
Connection: keep-alive
X-Amz-Cf-Id: j3xNh-dyx1NH_uyYSJmxwZ0JBC5WgKqS6N3BSQslTj34gSypHtEn9Q==

GET
H2 200 prebid-analytics-2.36.5.js Show response
a.pub.network/core/ 388 KB
115 KB 205ms
204ms Script
text/html 2606:4700:20::681a:18b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3986a9d06585054dc84ba96f83b685c5a67527f4cdd2cdb4dfc75d49f5759f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: BYPASS
status: 200
x-guploader-uploadid: AEnB2UrSqW0prK0WgPTNzKs3BidGkuUiwYmwx6QWWW6HOHjXJOB5E2S_87a4UH_w9kVp8rmbwVbYVauQNSDubUSc4FGoHwZBbA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Tue, 05 Nov 2019 17:37:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EJ1yIw==, md5=e2KPF9QKTQj2iapaLVhLdw==
content-type: text/html
x-goog-generation: 1572975461697049
cache-control: private
x-goog-stored-content-length: 397332
cf-ray: 537d4771196e8ca4-VIE
expires: Tue, 17 Nov 2020 22:11:14 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 25 B
344 B 451ms
111ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 98f88d642acd9024773bf77b93f9546e3cd6fd8fa3d539d16f7b018e0cb513f2

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:15 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 pls Show response
core.connatix.com/ Frame 08C2 6 KB
3 KB 296ms
100ms Script
text/plain 54.236.131.34
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://core.connatix.com/pls?callback=jQuery32109316734123996118_1574115074562&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&c_v=1810_0_0_0_0&page_guid=514bf7bff1d0f00b99821574115074738&spp=1&_=1574115074563
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.131.34 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-236-131-34.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: 86c66202fe2f81b9a9b92d2ef268b11c16cf6370325f2820c01f090874c69154

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
server: nginx/1.15.9 (Ubuntu)
access-control-allow-origin: *

GET
H/1.1 200
OK moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 24ms
7ms Script
application/x-javascript 2.18.235.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 22:11:14 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2019 20:13:52 GMT
Server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
ETag: "f14b4e1f799b14f798a195f43cf58376"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=10202
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 2 KB
924 B 44ms
42ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-36-164.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: 5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
surrogate-key: ra-561517d2c7f964d6
server: Jetty(9.4.8.v20180619)
etag: -1808207170--gzip
vary: Accept-Encoding
cache-tag: ra-561517d2c7f964d6
status: 200
cache-control: public, max-age=37, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-type: application/javascript;charset=utf-8
content-length: 678

GET
H2 200 NextCry_ransomware.jpg
www.bleepstatic.com/content/posts/2019/11/15/ 245 KB
245 KB 19ms
18ms Image
image/jpeg 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/posts/2019/11/15/NextCry_ransomware.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54caf22c652300e262236c2d28278ea87b99ae70e99449c64085d960ecc0901d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 270140
cf-polished: degrade=85, origSize=1282565, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 250594
last-modified: Fri, 15 Nov 2019 18:39:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d4771bf55cbac-VIE
expires: Sun, 15 Dec 2019 19:08:54 GMT

GET
H2 200 292x176_Microsoft_account_phishing.jpg
www.bleepstatic.com/content/hl-images/2019/11/01/thumb/ 5 KB
5 KB 16ms
16ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/11/01/thumb/292x176_Microsoft_account_phishing.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b23ccbec685446623aca983fb301b1a88bc12fa58fc766c2578a300f0847d4a2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 135466
cf-polished: qual=85, origFmt=jpeg, origSize=7234
status: 200
content-disposition: inline; filename="292x176_Microsoft_account_phishing.webp"
cf-bgj: imgq:85
content-length: 5232
last-modified: Fri, 01 Nov 2019 19:47:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d4771bf56cbac-VIE
expires: Tue, 17 Dec 2019 08:33:27 GMT

GET
H2 200 292x176_Windows_10.jpg
www.bleepstatic.com/content/hl-images/2019/05/28/thumb/ 3 KB
3 KB 18ms
18ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/05/28/thumb/292x176_Windows_10.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4daccf1290c23d7d9054630986cc4bc59ab42763fa7a8e808a6fcf1e0efd6070

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
age: 108030
cf-polished: qual=85, origFmt=jpeg, origSize=5418
status: 200
content-disposition: inline; filename="292x176_Windows_10.webp"
cf-bgj: imgq:85
content-length: 3284
last-modified: Tue, 28 May 2019 15:29:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d4771bf58cbac-VIE
expires: Tue, 17 Dec 2019 16:10:44 GMT

GET
H2 200 jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 4 KB
1 KB 18ms
17ms Stylesheet
text/css 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 2677126
cf-polished: origSize=4895
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"9108074"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d4771bf59cbac-VIE
expires: Fri, 22 Nov 2019 22:32:28 GMT

GET
H2 200 font-awesome.css
www.bleepstatic.com/css/redesign/ 22 KB
5 KB 17ms
16ms Stylesheet
text/css 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: br
cf-cache-status: HIT
age: 2677126
cf-polished: origSize=26776
status: 200
cf-bgj: minify
last-modified: Tue, 03 May 2016 04:39:29 GMT
server: cloudflare
etag: W/"1700274315"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 537d4771bf5acbac-VIE
expires: Fri, 22 Nov 2019 22:32:28 GMT

GET
H2 200 pubads_impl_2019111401.js Show response
securepubads.g.doubleclick.net/gpt/ 159 KB
58 KB 39ms
39ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

7aee25147e91ea27917ac5cfd8ea30fdcae0e6b1072e51a1d644dafb76ab5c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 59644
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H2 200 fetch_frame_2019111401.html
ff.doubleclick.net/tag/js/ Frame 17F7 0
0 7ms
6ms Document
text/html 2a00:1450:4001:81c::2006
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ff.doubleclick.net/tag/js/fetch_frame_2019111401.html

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ff.doubleclick.net
:scheme: https
:path: /tag/js/fetch_frame_2019111401.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 6737
date: Mon, 18 Nov 2019 19:20:53 GMT
expires: Tue, 17 Nov 2020 19:20:53 GMT
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 10221
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v27/ Frame 38FB 0
0 41ms
8ms Document
text/html 2600:9000:20eb:d600:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v27/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v27/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
content-type: text/html
content-length: 583
last-modified: Mon, 18 Nov 2019 19:20:05 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 18 Nov 2019 22:06:18 GMT
etag: "2382c3f01978a379e8fa8bc1a3bec605"
x-cache: Hit from cloudfront
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 0BiZhTt2OT-tEr3RHsI8AvR_d-BQ7KjBZmYDRerIzHsxJk-YrLjMoQ==
age: 324

GET
H2 200 fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 64 KB
64 KB 47ms
19ms Font
application/octet-stream 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 09:36:00 GMT
server: cloudflare
age: 5312
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 537d47722d5959ee-VIE
access-control-allow-origin: *
content-length: 65452

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame C8E6 0
0 57ms
56ms Document
text/html 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1574088903&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1574115074780&bpp=3&bdt=369&fdt=111&idt=111&shv=r20191114&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=1002568951014&frm=20&pv=2&ga_vid=820536483.1574115075&ga_sid=1574115075&ga_hid=2017160151&ga_fc=0&iag=0&icsg=43980476129280&dssz=46&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=3946086092703932&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=124

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1574088903&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1574115074780&bpp=3&bdt=369&fdt=111&idt=111&shv=r20191114&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=1002568951014&frm=20&pv=2&ga_vid=820536483.1574115075&ga_sid=1574115075&ga_hid=2017160151&ga_fc=0&iag=0&icsg=43980476129280&dssz=46&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=3946086092703932&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=124
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 18 Nov 2019 22:11:14 GMT
server: cafe
content-length: 44
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 18-Nov-2019 22:26:14 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Mon, 18 Nov 2019 22:11:14 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 78 KB
29 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29338
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:14 GMT

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 19ms
17ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Mon, 18 Nov 2019 22:11:14 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v27/ 222 KB
60 KB 7ms
7ms Script
text/javascript 2600:9000:20eb:d600:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2363cbdace3d4db7b0ee2f0fcf42a722658814affea6c100f3679f7c21ff9e11

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:08:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Nov 2019 19:20:04 GMT
server: AmazonS3
age: 216
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: znr05x9FFQuUhJj1kze9k2GCf15KtaCtFvo1PjsUv9QMPumH-CaiKA==
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 86 KB
25 KB 39ms
22ms Script
application/javascript 13.224.199.29
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.199.29 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-199-29.fra2.r.cloudfront.net
Software: Server /
Resource Hash: f623e1d423f85d8c36affb7faf68d0b804e0389e2621de2ea9eb97bb0df21c76

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 16:49:03 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: FRA2-C1
etag: be7f8341d4f7676793a79e413ef9eafd
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
accept-ranges: bytes
x-amz-cf-id: ZZuk7Lc1Yw_QlNX82clRmwfUozqtEE2bYyk-WiOKskWWmmvSs-5kmw==
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/ 301 KB
63 KB 16ms
5ms Script
text/javascript 151.101.113.194
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/config.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8af3f6e8493a4786c8e6b7bf16dfe963c666b1feaab5010bae34a182db108db

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 22:11:14 GMT
Content-Encoding: gzip
Age: 3249
X-Cache: HIT
Connection: keep-alive
Content-Length: 64191
x-amz-id-2: +z0LnOrq7wRXRx/gMD6TxsDQk4f/gBm0dyNx8m7mwNJSQsCO6nx8lBsQ1kljlQQV2vIkjorzAVY=
X-Served-By: cache-hhn4062-HHN
Last-Modified: Mon, 18 Nov 2019 21:15:16 GMT
Server: AmazonS3
X-Timer: S1574115075.962914,VS0,VE0
ETag: "49c6a860de21e933bc2edda2aab62dfd"
x-amz-request-id: A94A16F7CBE01C10
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 64

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 2 KB
3 KB 300ms
111ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 7d265db9111a3e7db941671d0e0e27640336609f339e539c4e6ff8a56c266ffd

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:15 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 90 KB
17 KB 63ms
49ms XHR
application/json 2600:9000:2156:9000:1:af78:4c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:9000:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56c5bb68b668e5b4d1f7f18d9dbc060c9de85befbbbf5e797f75a136a48210f8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Fri, 15 Nov 2019 06:39:33 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 55471
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 14 Nov 2019 16:00:22 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: CP8lTLg5r5SH0TqZzNcUmewGTJ3LufA5
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: iAvoj5vrGp5AQN4IWXb_oWREsiHdMbCYIHtL6KMOANtkIzzmCRtoqA==

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/201911121507/ 29 KB
11 KB 5ms
5ms Script
application/javascript 151.101.113.194
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/201911121507/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0166fe46c8c973fc2b03e65ebe5b1cc43cadffa32c64388dbb0c99a0eb26def

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 22:11:15 GMT
Content-Encoding: gzip
Age: 685
X-Cache: HIT
Connection: keep-alive
Content-Length: 11064
x-amz-id-2: FliV/Ba/bG3RdELZWx57CfObblPgy81iler6d4HgMQRdnereVk51Tv6JXeg6AbQM0+wOXuT7ad4=
X-Served-By: cache-hhn4062-HHN
Last-Modified: Tue, 12 Nov 2019 20:09:08 GMT
Server: AmazonS3
X-Timer: S1574115075.037952,VS0,VE0
ETag: "75dc5f5ddf96babbd6b101c2f462efd9"
x-amz-request-id: B38055B3EA5D55B7
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 962

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
987 B 22ms
6ms Script
application/x-javascript 13.225.78.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.78.17 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-78-17.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 2554
date: Mon, 18 Nov 2019 21:28:46 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 71EmZ_I0Mi5poeXzEHMje6nFIAQnePf-08k4Q4x8slOVPQHKqC-XGg==
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 21ms
6ms XHR
application/javascript 13.224.199.29
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.199.29 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-199-29.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 14:07:57 GMT
content-encoding: gzip
vary: Origin
age: 28999
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Fri, 01 Nov 2019 13:46:13 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: -BxHlC3xc-1rqbkPbqYam5Z1P9XKiW2Y8MPnV6c7yOoEaQm14DYcOw==

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
597 B 126ms
110ms XHR
application/json 13.225.78.52
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.78.52 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-78-52.fra2.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C2
x-amzn-requestid: 068550ce-899d-41d8-9afe-5144c23a50fd
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: DYCIgESHIAMFlug=
content-length: 50
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-trace-id: Root=1-5dd31703-480504e13ce43f2ae6d60bc1;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: mbEZBqPp3qaBTScOBjJU6kaKzFvbMlGjvP5EIDvx7Zs6G3Yn20ee9Q==

GET
DATA 200
OK truncated
/ 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 322.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/ 19 KB
19 KB 7ms
6ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/322.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: aa8492564de2f3bfc22e59717bcf4d73f41c3b3c0fd6337c6734b3fcc7208928

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 82004
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1574115075.152645,VS0,VE0
access-control-allow-origin: *
content-length: 19804
x-served-by: cache-sjc3123-SJC, cache-fra19157-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/6b3d073a-ab84-48e0-9cd7-35a9c1945458/ 25 KB
25 KB 8ms
7ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/6b3d073a-ab84-48e0-9cd7-35a9c1945458/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: a20998071047a414a5903cad15dcf2ac067f44665db72e3fefcf24d2822d0917

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 82005
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 2, 1
accept-ranges: bytes
x-timer: S1574115075.153293,VS0,VE0
access-control-allow-origin: *
content-length: 25206
x-served-by: cache-sjc3140-SJC, cache-fra19157-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/09a41d2f-41da-487e-80e1-01ca2c0c7ae5/ 43 KB
43 KB 14ms
13ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/09a41d2f-41da-487e-80e1-01ca2c0c7ae5/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 498fa60015c62227930abab617bdf00ff2a35b607c632519e4cf280248e310f6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 168579
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 19, 1
accept-ranges: bytes
x-timer: S1574115075.153265,VS0,VE1
access-control-allow-origin: *
content-length: 43587
x-served-by: cache-sjc3129-SJC, cache-fra19157-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/3e3917fb-977b-432f-8658-7dbc3df81a1e/ 44 KB
44 KB 9ms
9ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/3e3917fb-977b-432f-8658-7dbc3df81a1e/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 61e84f3146432902f50ca620696b8c953609d21b77dd08af709cbd4607d68240

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 168580
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 2, 1
accept-ranges: bytes
x-timer: S1574115075.153293,VS0,VE0
access-control-allow-origin: *
content-length: 45409
x-served-by: cache-sjc3150-SJC, cache-fra19157-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/0456fa84-7b61-4bfc-b828-56f60b93d6a9/ 45 KB
45 KB 7ms
6ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/0456fa84-7b61-4bfc-b828-56f60b93d6a9/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 51811cd84fe99129d82bda28acffd8e295d040f9b51cd4b1f556734b89e84fc6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 168579
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 891
accept-ranges: bytes
x-timer: S1574115075.153357,VS0,VE0
access-control-allow-origin: *
content-length: 46346
x-served-by: cache-sjc3121-SJC, cache-fra19157-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/4ed3dc26-01eb-489f-a9ec-f1c76301b81a/ 18 KB
18 KB 13ms
12ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/4ed3dc26-01eb-489f-a9ec-f1c76301b81a/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: c9d000c50a0e3d638e258d48ab0de4426db3c1d3a9a7950a921eef279441076b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 255207
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 3, 1
accept-ranges: bytes
x-timer: S1574115075.153355,VS0,VE1
access-control-allow-origin: *
content-length: 18326
x-served-by: cache-sjc3146-SJC, cache-fra19157-FRA

GET
H2 200 bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 7 KB
7 KB 23ms
22ms Image
image/webp 104.26.12.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
cf-cache-status: HIT
age: 931489
cf-polished: origFmt=png, origSize=15281
status: 200
content-disposition: inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj: imgq:85
content-length: 7156
last-modified: Wed, 07 Jan 2015 22:52:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 537d4773bc00cbac-VIE
expires: Sun, 08 Dec 2019 03:26:25 GMT

GET
H2 200 0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame 08C2 23 KB
23 KB 8ms
8ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 varnish, 1.1 varnish
age: 1195305
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1574115075.159945,VS0,VE0
access-control-allow-origin: *
content-length: 23507
x-served-by: cache-sjc3129-SJC, cache-fra19157-FRA

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
376 B 102ms
102ms XHR
text/javascript 13.224.199.29
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&pid=PqzwMuHAFIGLK&cb=0&ws=1600x1200&v=7.43.01&t=1000&slots=%5B%7B%22sd%22%3A%22bleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%22bleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%7B%22sd%22%3A%22bleepingcomputer_300x250_300x600_160x600_Right_1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_1%22%7D%2C%7B%22sd%22%3A%22bleepingcomputer_300x250_300x600_160x600_Right_2%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%7B%22sd%22%3A%22bleepingcomputer_728x90_320x50_InContent_1%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%7B%22sd%22%3A%22bleepingcomputer_300x250_300x600_160x600_Right_3%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.199.29 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-199-29.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: bAZkl6hL4-5iJKCMxN5SsLQCO7N4X9c_qL38Snf8YorFKrUhcCNtTQ==

GET
H2

302

av Show response
connatix-d.openx.net/v/1.0/ Frame 08C2
Redirect Chain

https://connatix-d.openx.net/v/1.0/av?auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412...
https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d04016...

0
-1 B

29ms
15ms

XHR

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412fc4ffa28a1574115075148&vwd=834&vht=469&gdpr=1&gdpr_consent=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412fc4ffa28a1574115075148&vwd=834&vht=469&gdpr=1&gdpr_consent=0
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

Redirect headers

date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 302
location: https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d0401647412fc4ffa28a1574115075148&vwd=834&vht=469&gdpr=1&gdpr_consent=0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 458ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e091301839570837429f7cf22c35799e7261b65793a20c1b3eae043c0799be85

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:15 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK r
trk.connatix.com/ Frame 08C2 0
162 B 369ms
88ms Image
text/plain 52.3.42.128
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/r?connatix_sess=pY1I78tM9h_lX8r_4FYvsPEs912UKUFYLDb6wKhwIykr_P20GB0l5lDk01qq4el24LXIgs6OUR57NDyeZnJajN0cwOyG8YAsMQp4WCtdl3rbYenhH6wVYd19TyPsNmB_2sT-2ePnIx6uJUxxGKFz3l3TEnDD-4U57c5cL_124LHp5uxHCv4ZGeA-l9X6QqDf&videoID=639404&c_pl=QG-K6Vejrprl8XzBIVPk6CSD-ofrC_vrasP1t7Lcp3Gj8uMPyirZRa61SgeUsM0LwhUXLsz8sEll8Uc1KJukbuKJEHiDil5MCE0rvLYV-rocVWH8kXpga2DBdyERmdYE8pmL8h87jbrrn3UDDboYub3Ih_btrB2k3EE74J58XJZ5BU_qEakd0WYh6pQMe_ag0g7BfhBILvtARinCebr1POx7m0kIAsVDDrP75APTZi8&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-lin&c_v=1810_0_0_0_0&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.42.128 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-3-42-128.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 18 Nov 2019 22:11:15 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H2

302

pixel Show response
cm.g.doubleclick.net/ Frame 08C2
Redirect Chain

https://connatix-d.openx.net/v/1.0/av?cc=1&auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=d04016...
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

0
-1 B

23ms
22ms

XHR
text/xml

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
p3p: CP="CUR ADM OUR NOR STA NID", CP="CUR ADM OUR NOR STA NID"
status: 302
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
p3p: CP="CUR ADM OUR NOR STA NID", CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET

sd
us-u.openx.net/w/1.0/ Frame 08C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJjU-cNoS5Ekq-m9u7zbte0&google_cver=1

0
0

GET
H2 200 av Show response
connatix-d.openx.net/v/1.0/ Frame 08C2 48 B
234 B 24ms
23ms XHR
text/xml 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://connatix-d.openx.net/v/1.0/av?auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=e6ca7bf85cb59d7e2c991574115075266&vwd=834&vht=470&gdpr=1&gdpr_consent=0
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 av Show response
connatix-d.openx.net/v/1.0/ Frame 08C2 48 B
231 B 29ms
29ms XHR
text/xml 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://connatix-d.openx.net/v/1.0/av?auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=c5e2300849244bb744831574115075296&vwd=834&vht=470&gdpr=1&gdpr_consent=0
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 av Show response
connatix-d.openx.net/v/1.0/ Frame 08C2 48 B
231 B 26ms
26ms XHR
text/xml 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://connatix-d.openx.net/v/1.0/av?auid=540193942&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&cb=2cf2c7fca24565d63f621574115075331&vwd=834&vht=470&gdpr=1&gdpr_consent=0
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1810/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:15 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
485 B 28ms
7ms XHR
text/html 13.224.196.53
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1574115075480;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F;;;;;p,off,false,,1,en,27,175,true,false,false;displayConsentUi:mandatory,
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.53 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-196-53.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 07:13:00 GMT
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
vary: Origin
age: 53896
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: hBqDvI6iaRjCOQ8qSZeTtSmsBa5XDnky7GXrA6ggsKV2E-BET7bMrA==

GET
H/1.1 200
OK jquery.color-2.1.2.min.js Show response
cluster-na.cdnjquery.com/color/ 92 B
356 B 360ms
88ms Script
text/javascript 3.222.69.96
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1574115075565&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%22564368b5-0a50-11ea-b637-4968f7bc58ab%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&csVersion=1.20.2&clearThroughOptions=undefined

Requested by

Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.69.96 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-3-222-69-96.compute-1.amazonaws.com

Software

nginx/1.14.1 /

Resource Hash

ce75b775649586f6b614171744f1f4bcb258024303cae81517fcdbff440b6fdf

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 22:11:15 GMT
Content-Encoding: gzip
Server: nginx/1.14.1
ETag: W/"5c-sZtFON5nmHG5jqG5+rIQrQSVFdI"
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Charset: utf8
Connection: keep-alive
Content-Length: 84

GET
H2 200 px.gif
ad-delivery.net/ 43 B
384 B 7ms
6ms Image
image/gif 13.225.78.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.4410895936569488
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.78.17 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-78-17.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 5865
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
date: Mon, 18 Nov 2019 20:35:44 GMT
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 43
x-amz-cf-id: FNPcvh4FXJzkqKcfz2F5rCy3PuPQOROd0mwC07Z9zcAm9eeU33tVpw==

GET
H2 200 48.008759e9efe1c1b693dd.js Show response
s7.addthis.com/static/ 281 B
486 B 9ms
9ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-119"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Mon, 18 Nov 2019 22:11:15 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 246

GET
H2 200 / Show response
graph.facebook.com/ 313 B
418 B 53ms
41ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_cjhv0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

c5f8d13b1f2b5de65c2b3ad8afb00544ba005e446b5e2246955239d46cea09f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Mon, 18 Nov 2019 22:11:15 GMT
x-fb-rev: 1001445541
alt-svc: h3-23=":443"; ma=3600
content-length: 214
pragma: no-cache
x-fb-debug: M84L77uKPB4hd/vT3EznQ5XHMdZYcgwm9Mrl+bOFovRmHDLj9F4fXRGDiF2avr/dgQueZNKUVJoMB8TRuG+jeQ==
x-fb-trace-id: Ae/YMEkmmVJ
etag: "43e6798829f5669484d273b9c03cda9b3b2ef864"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: A1U-iGjEisbxEzJeqVXtMvZ
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 21 KB
3 KB 506ms
492ms Script
application/javascript 151.101.13.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&jsonp=_ate.cbs.rcb_dug90

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

85ad1e6a0feb0995c357300fba295819fb7dc1f64f78ad35e2088fa9a834a90b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 varnish
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 2417
x-xss-protection: 1; mode=block
x-served-by: cache-fra19133-FRA
x-moose: majestic
server: snooserv
x-timer: S1574115076.916203,VS0,VE484
x-frame-options: SAMEORIGIN
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H2 200 / Show response
graph.facebook.com/ 151 B
605 B 47ms
36ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_d0tx0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

75b1cfe3368045582f8c78e8ab564c35d93a7432f65c7084ef8e3ffadde4f939

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Mon, 18 Nov 2019 22:11:15 GMT
x-fb-rev: 1001445541
alt-svc: h3-23=":443"; ma=3600
content-length: 151
pragma: no-cache
x-fb-debug: 6a83/nIb5YmdoPzvSJxDHP2f9iTCsf0+WrqT1prsjpKM+iLOldXuUQRaCGDW0Iw9HUAvvnvzPXLMAsrk/fj1dw==
x-fb-trace-id: BmoxLuqQmP8
etag: "46c1bdc2148060543d4b40ec2cb381d980e699df"
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: Acf7vb4gEJXa8cPA8uMcaDt
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
699 B 136ms
122ms Script
application/javascript 151.101.13.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&jsonp=_ate.cbs.rcb_ctic0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

1fc9243dbc326728b25686a5855bc6a8c304c4eddd5a72f6945b622db111d2a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:16 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 126
x-xss-protection: 1; mode=block
x-served-by: cache-fra19133-FRA
x-moose: majestic
server: snooserv
x-timer: S1574115076.916214,VS0,VE117
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
379 B 30ms
29ms XHR
application/json 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=7ee82d9b-8bae-461f-8fba-eb0eb1071d0e%2Cae3899e2-543d-44de-8b03-0eb707ded723%2Caf6c16df-70bc-4ad2-9b1b-128029358ac3%2Ca300dc9e-6547-42ea-a602-c81348c37d6c%2Cc8da3720-3474-4e02-862d-3d4796d8b6a5%2Cbbb2f31a-6d68-4b12-9083-0b37dfe6c748&nocache=1574115076269&x_gdpr_f=1&pubcid=d37ca62e-c832-4829-b89c-10e435679d30&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&auid=539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: 0b89022d9a67a006d9e99bc502ced221b13d2bcd4ef1cfd631706748a325d9e0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 174
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
914 B 181ms
168ms XHR
application/json 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2211ca3ae5878f5ac%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22124a9a6280ba9d1%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%221342997984737d8%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%221482ae05155a34%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%2215e56b924ab91dc%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2216fc2de337d08f6%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%221758917083ae1ac%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%2218bd795a338b379%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%22194f333f55b6ce7%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%222048255374de9e4%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2221ebcbc3d9bb58c%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%222292184263ed06%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2223b4cf079a3975d%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%22241e59a0711ded9%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7b8efe13a8da9af9f09f9c282e1962cfb0760e3aeebd6260a3c800447c60ceee

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Mon, 18 Nov 2019 22:11:16 GMT

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
316 B 282ms
100ms XHR
application/javascript 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574115076271&secure=true&version=9&mobile=false&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&measurable=true&bids[0][bidId]=2650dd00b0428f8&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&bids[1][bidId]=273db98ef7829c2&bids[1][config][property]=5c3404d83e048a00261ad27f&bids[1][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&bids[1][sizes][0][width]=728&bids[1][sizes][0][height]=90&bids[1][sizes][1][width]=970&bids[1][sizes][1][height]=90&bids[1][sizes][2][width]=970&bids[1][sizes][2][height]=250&bids[2][bidId]=284b857e4dc38d6&bids[2][config][property]=5c3404d83e048a00261ad27f&bids[2][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_1&bids[2][sizes][0][width]=300&bids[2][sizes][0][height]=250&bids[2][sizes][1][width]=300&bids[2][sizes][1][height]=600&bids[3][bidId]=29c150c16ed815b&bids[3][config][property]=5c3404d83e048a00261ad27f&bids[3][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_2&bids[3][sizes][0][width]=300&bids[3][sizes][0][height]=250&bids[3][sizes][1][width]=300&bids[3][sizes][1][height]=600&bids[4][bidId]=30a125b057e0945&bids[4][config][property]=5c3404d83e048a00261ad27f&bids[4][config][zone]=bleepingcomputer_728x90_320x50_InContent_1&bids[4][sizes][0][width]=728&bids[4][sizes][0][height]=90&bids[5][bidId]=31f1eb3d233cf81&bids[5][config][property]=5c3404d83e048a00261ad27f&bids[5][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_3&bids[5][sizes][0][width]=300&bids[5][sizes][0][height]=250&bids[5][sizes][1][width]=300&bids[5][sizes][1][height]=600&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash: aa7cc9f68114842993604a8f88c733994ae8f57103aacd2de264e12df76989ed

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
status: 200
x-powered-by: Express
etag: "971457207"
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H2 200 v2 Show response
i.connectad.io/api/ 210 B
722 B 290ms
259ms XHR
application/json 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0960a652766deba8f95eff8b1a3dea399fc253457ca171753553876cd266dfc

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
alt-svc: clear
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 537d477ae844cbb8-VIE
content-type: application/json
via: 1.1 google

POST
H/1.1 204
No Content / Show response
hb.emxdgt.com/ 0
316 B 35ms
13ms XHR
text/html 18.196.104.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1200&ts=1574115076272&src=pbjs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-196-104-43.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 18 Nov 2019 22:11:15 GMT
Content-Type: text/html
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Access-Control-Allow-Headers: security, Content-Type
Content-Length: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
669 B 118ms
60ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bf9f346dccb029ccbca01292da87ff72130f9154ac588dab8008fd22777addc0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
668 B 119ms
61ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 04ac5f8791f13205bd0f3c75f57dcb099e9451406d749a827c224406048269e5

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
666 B 117ms
59ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 746f63728c66a14121a6d13b74c09980269bad4f6d41cb76ba50e5d8c4ea8caf

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
669 B 144ms
86ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3dbc24169271d2447c4f312cc07951ce561a2738d718441aed749afed7eb22f0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 204 imp Show response
g2.gumgum.com/hbid/ 0
490 B 88ms
30ms XHR
text/plain 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 204
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
668 B 119ms
61ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7de928834f3282e54d4595019ba390f3646dd68a665ad5093afe2ed8135ebd81

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 204 imp Show response
g2.gumgum.com/hbid/ 0
490 B 87ms
30ms XHR
text/plain 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 204
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
668 B 144ms
86ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b873af469bcad856da22538e4baeb1b20f5dbe6e437df2aa6f7d642b7f16606d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
670 B 125ms
68ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0dc42fa6302294718552a790b0968519473521addbb0712461c7e81f71df5c87

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 204 imp Show response
g2.gumgum.com/hbid/ 0
490 B 88ms
31ms XHR
text/plain 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 204
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
667 B 119ms
62ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 697dc0262f4d1db3f6b5fde6bf8b1df2413dc47fb57733fe9265d5b889751065

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 522 B
713 B 40ms
13ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: cef5f28da488830519e2756cc96925ec83862677456059d973e86f3c329bac97

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 522
expires: 0

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
458 B 33ms
18ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 18 Nov 2019 22:11:16 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d477adf05c290-FRA
access-control-allow-headers: origin, content-type

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
548 B 318ms
303ms XHR
application/json 35.156.132.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=2.36.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.132.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-156-132-43.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 98ms
77ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=7ee82d9b-8bae-461f-8fba-eb0eb1071d0e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.08454221779008164
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 51a9e64bcb65149c6b2f6768ce5268af57591b88ad2d017e5edcf75cb4edb229

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=423
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 238ms
214ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=ae3899e2-543d-44de-8b03-0eb707ded723&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9405082976656194
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: a4eee29595369b4c0c00f0efc90e6ef8d94a13e88588349ea8b29dbe93d6c931

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=453
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 201ms
176ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=af6c16df-70bc-4ad2-9b1b-128029358ac3&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.05463658674388605
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 4e40d7b3765974239018136519e418b3f31965567f0f9370d301814f6b999ea6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=206
Content-Length: 1547
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 81ms
53ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=a300dc9e-6547-42ea-a602-c81348c37d6c&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5308288907937664
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 95643ceaad9c5419e1bf39554bdf0d67581f8e14114ea59067f4b04c24957689

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=415
Content-Length: 1548
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 70ms
38ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=c8da3720-3474-4e02-862d-3d4796d8b6a5&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.20047196433491954
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 2f3f729b9eae258e65d1a011be0c900c5128200d988fcbc13776a1477a4b81ed

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=111
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 93ms
62ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=bbb2f31a-6d68-4b12-9083-0b37dfe6c748&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3563624543831738
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c85fc4ca10bf215cfa73b92ab2d3bc0ee0669f90f2c2a555db1a36d981686d81

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:16 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=75
Content-Length: 1544
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 61ms
40ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=999e79b9b8a67ae&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 161ms
138ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=1007d27d560e7b69&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 73ms
50ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=1011e1bdbfa8b8d2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 60ms
38ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=102cf17d95857ccb&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 72ms
49ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=103ce1f343e26bc5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 71ms
48ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=104a3744744f9552&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 125ms
65ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=10540cc005b4e8b7&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 102ms
42ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=10668fe2d168c378&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 113ms
41ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=107bee6b12da910c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 109ms
37ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=108877cb4a2c8877&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 118ms
46ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=109589d5cc20e8b4&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 154ms
52ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=110194a8b8d56181&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 143ms
34ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=111a32247c5eb60c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 156ms
44ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&bidId=112ddb7f0cfbec33&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 158ms
41ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=11348507a6d8be43&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 186ms
61ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=114aa06cc7fc2187&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 195ms
52ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=115ca3da450d6c68&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 6 KB
6 KB 120ms
93ms XHR
application/json 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: 198ead29759728efc903c16d8b6e6d3f9c1f870af67c71aa0d80a2d43e381680

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
x-openrtb-version: 2.3
access-control-allow-credentials: true
date: Mon, 18 Nov 2019 22:11:16 GMT
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 728 B
1 KB 54ms
35ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

adac4ed4b03a965b346bca3f18ce01b67afc467ed07749f7fec2aea5590e7bf5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 18 Nov 2019 22:11:18 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.254:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f332d340-e2ab-4d47-965c-d79badc057ed
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285

0
-1 B

119ms
98ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285

0
-1 B

118ms
97ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285

0
-1 B

119ms
98ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285

0
-1 B

117ms
96ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285

0
-1 B

119ms
98ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285

0
-1 B

118ms
97ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285

0
-1 B

118ms
98ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285

0
-1 B

117ms
97ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285

0
-1 B

118ms
98ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285

0
-1 B

390ms
370ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285

0
-1 B

115ms
95ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285

0
-1 B

117ms
98ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285

0
-1 B

382ms
363ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 700 B
1 KB 21ms
7ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

3999856b4054035479e81bce6cc3cbd79a7e3e574b096fb5cf80b9280aa5ac7d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 18 Nov 2019 22:11:18 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.111:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d3e0a8c8-2299-4e98-8589-80c77143e1c5
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 403 KB
58 KB 905ms
905ms XHR
text/plain 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3946086092703932&correlator=2544628417536583&output=ldjh&impl=fifs&adsid=NT&eid=21065107%2C21063635%2C21064372%2C21064103&vrg=2019111401&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A553680904%2C8%3A134250504&sc=1&sfv=1-0-36&ecs=20191118&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1574088903&dt=1574115076298&dlt=1574115074411&idt=526&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C8218%2C327%2C1136%2C6787%2C8724%2C1661&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&dssz=58&icsg=703687617945600&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x8724%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&ga_vid=820536483.1574115075&ga_sid=1574115075&ga_hid=2017160151&fws=4%2C4%2C4%2C4%2C4%2C4%2C516&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

b0c97077e3505a7b4ef72c70ee3b16d449119d5184254bd9cd6d53b2a3feb44f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 59085
x-xss-protection: 0
google-lineitem-id: -1,-2,-1,-2,-1,4893662829,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2,-1,-2,-1,138254592126,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019111401.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
25 KB 39ms
39ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

19293620368e303e572701f2f16c940806c142dd00dcccb877b16dfcd6f59c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25152
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:16 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
436 B 31ms
18ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Nov 2019 22:11:16 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d477b2e3b63cb-FRA
access-control-allow-headers: origin, content-type

GET
H2

302

ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1...

0
-1 B

102ms
102ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1...

0
-1 B

366ms
364ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1...

0
-1 B

102ms
102ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1...

0
-1 B

102ms
102ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1...

0
-1 B

104ms
104ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1...

0
-1 B

105ms
105ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1...

0
-1 B

103ms
103ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1...

0
-1 B

104ms
104ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1...

0
-1 B

101ms
101ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1...

0
-1 B

366ms
366ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1...

0
-1 B

103ms
103ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 945 B
1 KB 135ms
125ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572dc4c0-0a50-11ea-8834-1274c1fe5bf6;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=168b18e54165c102;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: fc7dab5af4071a2970776372fe197e52af6613c8726462ed3bd1d2ab41558cb7

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 944 B
1 KB 134ms
126ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A572e62cc-0a50-11ea-9b97-123ca8731fc4;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1656ed66e013e25f;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 84e5fb61fd466ee3bb665da58d42937a48dbbf69f8e477a8a250d4fd13cb2d8c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ 945 B
1 KB 205ms
197ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A572e6452-0a50-11ea-affe-1273d078354a;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1598e97917b06166;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 83992db926fc5075818513ed2c0130e499cfc9ac7bf18114ef0720e66d3a3087

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 945 B
1 KB 201ms
194ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e949a-0a50-11ea-9469-1283af18fee8;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=160b415dea5585d4;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 575fe09cbddd983574a860502ed130a0db59a4f4b32f7e96741c80de583ec78a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 945 B
1 KB 130ms
123ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=166e5aebceafbe83;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 24198faf2fb724ef6a77c3ee72870f82bd10fd715a26014bc90ac5bbf57c1308

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 945 B
1 KB 144ms
140ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A572e82c0-0a50-11ea-a0e7-121c10c2940c;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=163904c2561f6ace;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 3521a57e3cf1663be935414e676c0dddb2518c7be5997018f965702580f3490e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ 943 B
1 KB 396ms
392ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A572e8978-0a50-11ea-9be2-124a081e334a;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=158682e12008d2d1;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 4d7cb0fc91112364e5214e59702a7f6266f139b701d6e84ce41179ec77384cee

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 943
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 945 B
1 KB 199ms
196ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572eb146-0a50-11ea-a705-12c8450abec2;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=164fe056e87e22c2;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 7299cc596a35d09cef9fef75af0ef015337fbc269a8f74305d8e55333cea33e7

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 945 B
1 KB 202ms
199ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A572ee6ac-0a50-11ea-b12e-1256e9c0edc4;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=169ffebc222d6b9e;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: d6634d0c1834c9cd17c85b60c9042347f6bf0bbae8c992dac7d140938cc49b74

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 944 B
1 KB 124ms
122ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=170b47213f42f459;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 7a641dbdb148625830c6f8a82b13f2232cb73cb51900700d423f4768645da0ba

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 944 B
1 KB 130ms
128ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574115075;v=2;cmd=bid;cors=yes;alias=1675f0ebda8ec558;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 59781ec3af63edc552a91c2956b480bf7d1896fa562c1cd3f6ee960f78f42b21

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ 945 B
1 KB 161ms
161ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5757183e-0a50-11ea-b863-121e68b36cc0;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1610d0f606f1a65b;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 717a90a65cae480cf645e7eef3a6026a065bc50dea4b3fd26058650841ca7d52

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ 945 B
1 KB 145ms
145ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5757e3f4-0a50-11ea-a5dd-12dccfef2018;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=1622db8032945c2d;misc=1574115076285
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ab25ec9bad1f3c7bdc426f89f37a3411d44935f276c2ae3afc93e1efcb4a56bd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:16 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ 20 KB
8 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

866c1cf254c11afbcb1689842e0eb3ed4973f7edada9f814d5e6b72cd54b9b56

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 1140
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7923
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 21:52:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "78dc79e454080e42"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 21:52:17 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame DA4B 243 KB
77 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26963
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DA4B 15 KB
6 KB 41ms
16ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31605
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6069
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "537ce8f1ba726417"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:32 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DA4B 151 KB
46 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26963
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DA4B 3 KB
2 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31600
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1593
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "69b72fb8329d9e71"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DA4B 44 KB
16 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31600
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15697
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5217ce22b5d5bd36"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame DA4B 4 KB
642 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:825::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 18 Nov 2019 22:11:17 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 18 Nov 2019 22:11:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame DA4B 4 KB
688 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:825::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 18 Nov 2019 22:11:17 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 18 Nov 2019 22:11:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:17 GMT

GET
DATA 200
OK truncated
/ Frame DA4B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da66961dca41cc5005809c5352bf19861d857f74a39583a8d6321282873158c6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
375 B 50ms
50ms XHR
text/javascript 13.224.199.29
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&pid=dj0hodUL62OAN&cb=1&ws=1600x1200&v=7.43.01&t=1000&slots=%5B%7B%22sd%22%3A%22bleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.199.29 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-199-29.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: dRGtunVY-LgrytwdDWtUVpPw8chsp4gZiv-Bko2lPDFWeo8JAWHUig==

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 194 B
384 B 13ms
13ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: 6a4c7b37cb29a63eab9c2d41c34b29702ffdaeb6e72d523b2e26438e1016d952

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 194
expires: 0

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
915 B 99ms
98ms XHR
application/json 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%221806dc3900d3726d%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22181cff173228e446%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%221829fe5ac7bae3cf%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%221839dd8a39b98a9d%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4be1124b0997fc6f05589effb2baf9f7797efe20f80526c01d33c59ef7c5b83

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Mon, 18 Nov 2019 22:11:17 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 70ms
70ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=7716f987-35ee-49d3-a82d-ab0deebb20fd&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.48471411310766954
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: fd3bff9df952a69e2b322c6593a05c8215e6cf0da285bc8c773b60520c862165

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:17 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=154
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
158 B 16ms
15ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d4780db45c290-FRA
access-control-allow-headers: origin, content-type

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 71ms
71ms XHR
text/plain 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 18 Nov 2019 22:11:17 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 20ms
19ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

5e98e03303f80ee3cb4a550b93ac037f038e647de23208783164ad74d83b8647

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:19 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.51:80
AN-X-Request-Uuid: 09a3321c-b254-4ab8-9631-b94fb86e0776
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 40ms
39ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=19564180865079d3&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 39ms
38ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=196f594247c12188&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 61ms
61ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=19782bf9a2667fd8&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
669 B 67ms
63ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?pv=78ba31f7-9d9f-46c9-9ea8-2713a545a20b&si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3dbc24169271d2447c4f312cc07951ce561a2738d718441aed749afed7eb22f0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 123 B
669 B 63ms
59ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?pv=78ba31f7-9d9f-46c9-9ea8-2713a545a20b&si=14288&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3dbc24169271d2447c4f312cc07951ce561a2738d718441aed749afed7eb22f0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
358 B 31ms
27ms XHR
application/json 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=7716f987-35ee-49d3-a82d-ab0deebb20fd&nocache=1574115077257&x_gdpr_f=1&pubcid=25fbf820-5b29-4409-b32c-845d985ae555&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=539181725&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: b11171e7e820ba540053671aa4f3acbb373e9b2d83f4e6320e7a838e3dad9316

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 174
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
316 B 100ms
97ms XHR
application/javascript 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574115077257&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&measurable=true&bids[0][bidId]=2045fef125e93986&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash: aa7cc9f68114842993604a8f88c733994ae8f57103aacd2de264e12df76989ed

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
status: 200
x-powered-by: Express
etag: "971457207"
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H2 200 v2 Show response
i.connectad.io/api/ 97 B
392 B 267ms
263ms XHR
application/json 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e20d6ca0ee4dc5b26a84c1d2613172ac4b7829106b30c7aa6b2e5b19ab6b5ba

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
alt-svc: clear
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 537d4780eedfcbb8-VIE
content-type: application/json
via: 1.1 google

GET
H2

302

ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258

0
-1 B

98ms
95ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258

0
-1 B

100ms
96ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258

0
-1 B

100ms
97ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
547 B 132ms
129ms XHR
application/json 35.156.132.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.132.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-156-132-43.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
841 B 7ms
6ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

5fde3cd363a7a0f07e4f3e4a4166633981be2bc7741a842119cf1258512fd9db

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:19 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.55:80
AN-X-Request-Uuid: abb08c0e-568d-4b69-bbbe-34182e3124a2
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2225613035339725144/ Frame DA4B 13 KB
13 KB 10ms
8ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2225613035339725144/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoI2gMQ-AEYASABLQAAAD8w2gM4-AFFAACAPw&rs=AOga4qm9ZUE7Ni8pSqujeqOcpZUORts_ig

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

332104956cc34d3bba2406165b3b4c48c4627e3aad5303e52febd91f87f977ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Thu, 14 Nov 2019 09:44:04 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2019 17:26:36 GMT
server: sffe
age: 390433
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13331
x-xss-protection: 0
expires: Fri, 13 Nov 2020 09:44:04 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13256797330833292739/ Frame DA4B 8 KB
8 KB 9ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13256797330833292739/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qmAyS_2N6i6WVRJrhVZWLJKSmNoHw

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:28:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 17:36:44 GMT
server: sffe
age: 535397
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8473
x-xss-protection: 0
expires: Wed, 11 Nov 2020 17:28:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DA4B 0
0 18ms
16ms Image
text/html 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CslReBBfTXdmkF5bOgAfS566ACa7W1YdanZPfhrAKwaGPlQEQASDa18U5YJUCoAGPlLOXA8gBBuACAKgDAcgDCqoEtwJP0GDKqzSp1b10gMWF_2_5d1uET7epz1JDM-bYuQn_-eRME0IJOPU6OfWhiWahQtRi2JHb1k1eoOPf9sEDItVNvt5twKWAhB1VekLYPd7wawIIJP5FXBS5TUmjbsxVjvbw5zoV9oVlWir2oKCOsceV_o_0AdBhV4Vv1n7Cbsk9-8xz_0qVnMPOS9i5Vpt_xCJhdNVFKBk18NQvTMYm6Ksh5rECXoiIrVV53XZHNuyVPo1N98nEvID0x5WP5ZkfllTjyqXdSYEOPwDwkH1muvuuD3gS1HYg6Q5tIVEruUCJMUYnBzOaNfsIiV6j8uGglSLCpanaQxbaDY-Apkjfd9eDA4MS368Wuy5I7chViSzZnU_BHuELVMlSjNtehzgM8lg6PB_VN4JBQSnMVDGOGPSj4Lu8m1uzksAEu8LNobQC4AQBkgUECAQYAZIFBAgFGASgBjeAB9nrzGioB47OG6gH1ckbqAeT2BuoB7oGqAfZyxuoB8_MG6gHpr4bqAfs1RvYBwHyBwQQtLUa0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMCiBQC&sigh=5r2aMnn8ANI&template_id=492&tpd=AGWhJmuNdmdVY4LHqQ0l-oLUftvVX55q06Ea5kH1fyLa3ImEGg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s16-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame DA4B 0
0 15ms
13ms Image
text/html 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQss0tR4bcn5kQvEZ1Ha1_1GWxjdFnSzMbEjVyyBSEQLk8ZAK_SNhzJJIrpHF0yQnkgiGyDk5ztYYg_cEUP12UaiHF22g
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DA4B 2 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81455
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DA4B 295 B
359 B 8ms
5ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1076
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame DA4B 11 KB
11 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 12 Nov 2019 15:22:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 542948
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Wed, 11 Nov 2020 15:22:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame DA4B 11 KB
11 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 30 Oct 2019 03:17:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1709616
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Thu, 29 Oct 2020 03:17:41 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
157 B 15ms
15ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d4780f96363cb-FRA
access-control-allow-headers: origin, content-type

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame DAD9 243 KB
77 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26963
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DAD9 15 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31605
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6069
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "537ce8f1ba726417"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:32 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DAD9 151 KB
46 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26963
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-animation-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DAD9 103 KB
33 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-animation-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

501c2a247fd3022c91782237c66b026f9e2fe4f7c1814a20aa41be6c726dc7de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 119031
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33748
x-xss-protection: 0
server: sffe
date: Sun, 17 Nov 2019 13:07:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e43e48b5ee38b73"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 16 Nov 2020 13:07:26 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DAD9 3 KB
2 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31600
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1593
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "69b72fb8329d9e71"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame DAD9 44 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31600
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15697
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5217ce22b5d5bd36"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DAD9 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81455
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DAD9 295 B
355 B 8ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1076
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame DAD9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 048e2936a286b6d5636743c8871af009ff3de12c4d446e2d993bfcf9adb2a517

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
375 B 59ms
57ms XHR
text/javascript 13.224.199.29
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&pid=Fmy7gCCgTWwFA&cb=2&ws=1600x1200&v=7.43.01&t=1000&slots=%5B%7B%22sd%22%3A%22bleepingcomputer_300x250_300x600_160x600_Right_2%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.199.29 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-199-29.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: gm_1o8vMR5Whc__BdU9tVraMvFba5PS1dpU-EtMk1BjpQUZP5LtVdw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
376 B 43ms
43ms XHR
text/javascript 13.224.199.29
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&pid=AMecoIxZtfGcP&cb=3&ws=1600x1200&v=7.43.01&t=1000&slots=%5B%7B%22sd%22%3A%22bleepingcomputer_300x250_300x600_160x600_Right_3%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.199.29 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-199-29.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: E2GO2Mih1JVcJXSVDxVge_KiH4TwngIjLLTcLcSjCjLa5HeFjkmXeQ==

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame 636B 243 KB
77 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26963
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 636B 15 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31605
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6069
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "537ce8f1ba726417"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:32 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 636B 151 KB
46 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26963
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 636B 3 KB
2 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31600
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1593
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "69b72fb8329d9e71"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 636B 44 KB
15 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31600
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15697
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5217ce22b5d5bd36"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 636B 2 KB
3 KB 11ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81455
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 636B 295 B
355 B 10ms
5ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1076
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame 636B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e6e1da89b13467a55c1495649b89c3b6fc05b7350393b6b1d6442b2935e127e4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 66F7 0
0 18ms
16ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGytuSiAHZvBF4ukujF_cfwh1lIxPq_ivy9ltO-5WfmHGW31hdaBOIPt-RCgkHqs1BJeMNmAwxMZl6KxgDaAT7mrmc2Vz8VLJXWHOmYe7jvOwcDRgQCaVo-0AhI5KuYWIw_v91udYgU-kDUWCd77RQrANJOiHLI_XJwipPB0YYhXqoDl9t7IrJZePSc-VccTdZSDv2LzakPFZmTfMPK5BTH0HNgPTVjpliak5yWQkWP4Y8m8C6wGXY01K7UBaz74XXacXZFm7UXBQ2rCGTwbFf1fCBAQqAgbWI&sig=Cg0ArKJSzBA18i_rBEwJEAE&urlfix=1&adurl=

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 22:11:17 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:17 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 66F7 76 KB
29 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 22:11:17 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame DAD9 0
0 13ms
12ms Image
text/html 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSqBoS9a-mr3TmjWF6xriw3dKOwFsxR4Rmtdpbf_u5buqT8iqSjMP_Vwboo-IaAiHhGeb7k53kPfzIYGgmQk-A9gJmpRA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DAD9 0
0 19ms
17ms Image
text/html 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CehegBBfTXdinF5bOgAfS566ACabjgphazaudoKEK7KnjiOQXEAEg2tfFOWCVAqAB56eY3wLIAQmpAphKtG73lrI-4AIAqAMByAMIqgTIAk_QQPvx_iU3xLKDvH50Mm_ehA91DlCO_GVQJM1FRZ1NkMBaNHpucLQstwe1w5s4_PqOsXbKyvbXDlP5hGsPZlBdixfVHNWxO9dBlLLNqSIMo-Zcb5Qt-zI62-MtcxvtM-ywjhXFkCelylBYLfVXd_DWpQZjl8fNacPzdW8_wZUBfhLmmO_YOxlrCDd0oH54tgKkpnD2wfY3dqT2PRFRK6j6h-x04TrsaLPNxee2vf7aCOalKYnuKlq50QIWol9jBlnDz1a40Asjnfe7cvT15G23crvug2V3WVnqfBSVR2yembAT7IamxzsZyAfhOBOU9Ffvwbd0KBtIz1BeoX_Vzv_YIYSnUsq52sMdX-W5GllKY2TwMJP1FDGzFzKe3laAphP4AHqjrOFep_nR4UGc5I6-hFkyRpM8poJmJ2LGIzJH_uPI02LKOi_ABKCF0_yiAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeB2OegAagHjs4bqAfVyRuoB5PYG6gHugaoB9nLG6gHz8wbqAemvhuoB-zVG9gHAPIHBBDQ2xfSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEwyYFgE&sigh=yniQ8E6-AMY&template_id=419&tpd=AGWhJmtxEkK-128U8O_DljMi-quyAeEmGd_dDkbToMTJq8qu9A
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s16-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 joyn_original.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
1 KB 9ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/joyn_original.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

73152c9cc11518537a165e978d4d673f91a4adbc9986ba43bfd242e0cda256bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 28 Oct 2019 23:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1807885
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1141
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Oct 2020 23:59:52 GMT

GET
H2 200 claim.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 5 KB
2 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/claim.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1c10db3869382887d65e71d069b828cbc84b64e3fcaada6059f54fdb3e9bb276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1782
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 typo_1_1.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 2 KB
1 KB 10ms
8ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_1_1.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f50eabd97fb492f21a51037a9f849342f1ba50d2b921309b629af9497505b060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 08 Nov 2019 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 880296
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1147
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Nov 2020 17:39:41 GMT

GET
H2 200 typo_1_2.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_1_2.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

31829d1ddfdecf791b307238bdd73f0c81e0edab4bd4f4dda7006ae86bfad56d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1394
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 typo_3.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 7 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_3.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8db7d892ee82b48f8d4f1d41fa2a59d7576228f43d44d977214f5b645da256ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 17:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1660274
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2388
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 17:00:03 GMT

GET
H2 200 logo_film.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
1 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

04b06ed003002b4540614055f36c95c605e4948b6f5ae9016aaac8e5305ba2d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 984
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 logo_film_2.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
958 B 11ms
10ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film_2.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

39b003a303e3e9d9677ce4496b82ccfecc80db1faba06ecccf3cf1c1a093665e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 28 Oct 2019 23:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1807885
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 887
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Oct 2020 23:59:52 GMT

GET
H2 200 logo_film_bg.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 473 B
351 B 11ms
10ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film_bg.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

19c5d43518e8160c63eaee26cd8718adf32688e8d76964245d0cfaf96161460e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 282
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 joyn_logoanimation.png
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 43 KB
43 KB 10ms
9ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/joyn_logoanimation.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c479996a573615b065b1930235cd00ebc9612657280168e816fc454595db355d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 17:00:03 GMT
x-content-type-options: nosniff
age: 1660274
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 44015
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 17:00:03 GMT

GET
H2 200 button.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 153 B
195 B 9ms
9ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/button.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3888ef674e777f2660e782fb11930c2199c3fae1b943c12387f8be82b13f5250

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 128
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 button_typo.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 5 KB
2 KB 11ms
11ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/button_typo.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4d6068b072c4497e45113ef79e15f788ec5e1f4c974bd31abf7033a607df4350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 22:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1639242
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1634
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 22:50:35 GMT

GET
H2 200 verdeck_unten.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 404 B
324 B 11ms
11ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/verdeck_unten.svg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d14c2b3f1a5645e2d27ab220e61b087fcc40bea6695e27c4195998fdd4e10401

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 253
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 motiv.jpg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 54 KB
54 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/motiv.jpg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9012e2ff7f1c5deb2f6247a58a356162204f5a264b850f8b930c78c84652f6a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55624
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 8265616931519450848
tpc.googlesyndication.com/simgad/ Frame 636B 16 KB
16 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8265616931519450848?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxJp_Zwfpxa8wAhBunwj5WMIVs3Q

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

76f456d9031f039d9111fe78e7834753eae32ab49f1422eb9dcaeb8d13e6e9c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 01 Nov 2019 14:28:22 GMT
x-content-type-options: nosniff
last-modified: Sat, 13 Apr 2019 10:08:57 GMT
server: sffe
age: 1496575
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16587
x-xss-protection: 0
expires: Sat, 31 Oct 2020 14:28:22 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 636B 0
0 14ms
13ms Image
text/html 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZYnh4m7MAdN7OIB1bNc0BmablNSQUGnUw34khBnBx9cbngiAfoCn_7YBk8BU8x4GPTVbKqO_meliLkwjYy1i2Uu6zUg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 636B 0
0 19ms
18ms Image
text/html 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CoLWLBBfTXaaqF5bOgAfS566ACdqe-tlXype0q4UKwI23ARABIMeD_AFglQKgAY-Us5cDyAEC4AIAqAMByAMIqgS6Ak_QG3Xpr38uCOJQ0_NpcIcNmVYbB3c0FmsWQZjcFh0DFnjuGkRjJ5sx4Noy0_NLuYL0Mf_UaNpEqFysLdA-9O9vZ8HaE-Mr2nk4sN8D08EhLXE3OEvPHjH3vB8Q8SwGhpaAcxnSj09cv2LzDLOYIOLkmGFh3YbmvdTVcACOXIYdIqMHEMBgWWmn2bpy3nGmbGQHubvyUKyNDe1h5JeCSHl97IdiDl21eamobTWZWBSJeuXnjXCn2T8bKK29jinSj_51dqzFMoLtob8Jh8VZ4oFVqDyEROEY3oUrFhSSb6RKnAZr1dA8paIuy37JmIObM4VQVCiidQDUuNhJQ2HHwgoddpY_mLgGVxkvtRfWaNIUtI0ODK8iM626rqlcqBE-DDQmeA_BV0SypiKiDtYeX4m6MY8i0Rx7Cqq6wATKqpvGqALgBAGSBQQIBBgBkgUECAUYBKAGAoAH2evMaKgHjs4bqAfVyRuoB5PYG6gHugaoB9nLG6gHz8wbqAemvhuoB-zVG9gHAfIHBBC-5wzSCAkIgOGAEBABGB2ACgHYEwI&sigh=6mSEnU3raQY&tpd=AGWhJmt5XYN1c8bpUlkRFdRzSudj3nKYaog49UL_0YZNGaPN1Q
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s16-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2

302

ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1...

0
-1 B

98ms
96ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574115077;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=15...

0
-1 B

97ms
96ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1...

0
-1 B

96ms
96ms

XHR

152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ 945 B
1 KB 123ms
123ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A57c58cf6-0a50-11ea-8fad-12358a211a00;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=219de74b943f488;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 7824c4a572bd5b5176c5dd74f8d29fc727ec081274967bc2af65371295785a95

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ 945 B
1 KB 121ms
121ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A57c5ab3c-0a50-11ea-949f-121ea8d7377c;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=2180398fbdd7b97c;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 5f0cc34ad8335ebc44742220ad572a01f591e691c1e125a3ed155b48797931bc

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 945 B
1 KB 204ms
204ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A57c591ba-0a50-11ea-92f6-12c8450abec2;cfp=1;rndc=1574115076;v=2;cmd=bid;cors=yes;alias=22077e7e354179e1;misc=1574115077258
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 18f5af301986e712c821fb949bfb882c4f2bf0d508930ac278480a9a4f4d6345

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DA4B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Redirect headers

date: Mon, 18 Nov 2019 22:11:17 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 motiv.jpg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 54 KB
54 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/motiv.jpg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9012e2ff7f1c5deb2f6247a58a356162204f5a264b850f8b930c78c84652f6a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55624
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DAD9 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81455
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DAD9 295 B
359 B 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1076
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
H2 200 joyn_original.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
1 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/joyn_original.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

73152c9cc11518537a165e978d4d673f91a4adbc9986ba43bfd242e0cda256bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 28 Oct 2019 23:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1807885
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1141
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Oct 2020 23:59:52 GMT

GET
H2 200 claim.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 5 KB
2 KB 8ms
8ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/claim.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1c10db3869382887d65e71d069b828cbc84b64e3fcaada6059f54fdb3e9bb276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1782
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 typo_1_1.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 2 KB
1 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_1_1.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f50eabd97fb492f21a51037a9f849342f1ba50d2b921309b629af9497505b060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 08 Nov 2019 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 880296
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1147
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Nov 2020 17:39:41 GMT

GET
H2 200 typo_1_2.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_1_2.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

31829d1ddfdecf791b307238bdd73f0c81e0edab4bd4f4dda7006ae86bfad56d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1394
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 typo_3.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 7 KB
2 KB 6ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_3.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8db7d892ee82b48f8d4f1d41fa2a59d7576228f43d44d977214f5b645da256ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 17:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1660274
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2388
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 17:00:03 GMT

GET
H2 200 logo_film.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
1 KB 7ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

04b06ed003002b4540614055f36c95c605e4948b6f5ae9016aaac8e5305ba2d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 984
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 logo_film_2.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 3 KB
958 B 8ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film_2.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

39b003a303e3e9d9677ce4496b82ccfecc80db1faba06ecccf3cf1c1a093665e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 28 Oct 2019 23:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1807885
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 887
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Oct 2020 23:59:52 GMT

GET
H2 200 logo_film_bg.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 473 B
353 B 10ms
8ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film_bg.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

19c5d43518e8160c63eaee26cd8718adf32688e8d76964245d0cfaf96161460e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 282
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 joyn_logoanimation.png
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 43 KB
43 KB 8ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/joyn_logoanimation.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c479996a573615b065b1930235cd00ebc9612657280168e816fc454595db355d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 17:00:03 GMT
x-content-type-options: nosniff
age: 1660274
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 44015
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 17:00:03 GMT

GET
H2 200 button.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 153 B
199 B 9ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/button.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3888ef674e777f2660e782fb11930c2199c3fae1b943c12387f8be82b13f5250

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 128
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 button_typo.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 5 KB
2 KB 8ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/button_typo.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4d6068b072c4497e45113ef79e15f788ec5e1f4c974bd31abf7033a607df4350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 22:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1639242
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1634
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 22:50:35 GMT

GET
H2 200 verdeck_unten.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame DAD9 404 B
324 B 10ms
9ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/verdeck_unten.svg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d14c2b3f1a5645e2d27ab220e61b087fcc40bea6695e27c4195998fdd4e10401

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537072
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 253
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 636B 2 KB
3 KB 10ms
8ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81455
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 636B 295 B
359 B 10ms
9ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1076
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 636B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

55ms
55ms

Image
text/html

2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Redirect headers

date: Mon, 18 Nov 2019 22:11:17 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 194 B
384 B 13ms
11ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: 6f8c1ecde2c2ebedc4d13c4b4cae8d58cf7989e7de169dd0bab0f9e1e7f1348e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 194
expires: 0

POST
H/1.1 204
No Content / Show response
hb.emxdgt.com/ 0
316 B 13ms
12ms XHR
text/html 18.196.104.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1200&ts=1574115077700&src=pbjs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-196-104-43.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 18 Nov 2019 22:11:17 GMT
Content-Type: text/html
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Access-Control-Allow-Headers: security, Content-Type
Content-Length: 0

GET
H2 204 imp Show response
g2.gumgum.com/hbid/ 0
234 B 49ms
48ms XHR
text/plain 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?pv=78ba31f7-9d9f-46c9-9ea8-2713a545a20b&t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 204
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 578 B
636 B 66ms
65ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?pv=78ba31f7-9d9f-46c9-9ea8-2713a545a20b&si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 50432f56227696ecafc559ba4616be54eed7ef1d29784ab164eaf5bf65a0363b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 52ms
51ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=232614f05f6d69bd&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 53ms
52ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=233c0f1695f7b1e5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 51ms
50ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=234a78d820c677c9&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 24 B
906 B 70ms
69ms XHR
application/json 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%222350433e8c69e6%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222361cdc8d7ec56cd%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2223704660c3912cbe%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 163dae13316066124eafea5da3f8c242b5e883e474c330d0ca036b750403dc74

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 44
Expires: Mon, 18 Nov 2019 22:11:17 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 173 B
361 B 47ms
47ms XHR
application/json 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=70c66311-9049-4fdb-93ce-77e760e5eda3&nocache=1574115077702&x_gdpr_f=1&pubcid=25fbf820-5b29-4409-b32c-845d985ae555&aus=300x250%2C300x600&divIds=bleepingcomputer_300x250_300x600_160x600_Right_2&auid=539181725&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: 31df6919989c474c984022534c9e676dc335c89c089b775123baab066d2212a3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 173
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 v2 Show response
i.connectad.io/api/ 97 B
174 B 339ms
338ms XHR
application/json 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2295c9dcdc658ee8ad64893a7162489f7b24c8cc0148cbc0b6b8b2cdc1bc5917

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Nov 2019 22:11:18 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
alt-svc: clear
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 537d4783ad24cbb8-VIE
content-type: application/json
via: 1.1 google

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
316 B 100ms
99ms XHR
application/javascript 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574115077702&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&measurable=true&bids[0][bidId]=243e63b67f220345&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_2&bids[0][sizes][0][width]=300&bids[0][sizes][0][height]=250&bids[0][sizes][1][width]=300&bids[0][sizes][1][height]=600&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash: aa7cc9f68114842993604a8f88c733994ae8f57103aacd2de264e12df76989ed

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
status: 200
x-powered-by: Express
etag: "971457207"
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
988 B 6ms
6ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8a8bb8135a6a7e5127bf710bd016830e9f793ae933119730fd6e7badf8976e08

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:19 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.36:80
AN-X-Request-Uuid: b688f5a8-00b4-4a11-9a99-bacb659545e5
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 6 KB
6 KB 85ms
85ms XHR
application/json 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: 33ce52b347a36c3bb0754a8bd1b82722b6039ce4a7ad7d2460368c642e4ec3ff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
x-openrtb-version: 2.3
access-control-allow-credentials: true
date: Mon, 18 Nov 2019 22:11:17 GMT
content-type: application/json

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
2 KB 51ms
51ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=70c66311-9049-4fdb-93ce-77e760e5eda3&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.03175276037851016
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 0736e1818db0ca27d61cdadcf1ef320f031c0d7125596488fab8b817febbb4fa

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:17 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=43
Content-Length: 1542
Expires: Wed, 17 Sep 1975 21:32:10 GMT

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
40 B 16ms
16ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d4783a8dfc290-FRA
access-control-allow-headers: origin, content-type

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
547 B 88ms
88ms XHR
application/json 35.156.132.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.132.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-156-132-43.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 23ms
23ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

5821c3694dc943c34d6dbacfae48533393dc0563a979049e7ea4892096a8b6ee

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:19 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.55:80
AN-X-Request-Uuid: e6f67e53-4771-4b9f-8da7-782b6fe48aff
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=3053bca990e27bcd;misc=1574115077704; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 945 B
1 KB 147ms
146ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=3053bca990e27bcd;misc=1574115077704;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 50da29c96919d6d400ebbc263d3153eeed237645e3196a61066d44c1e768625c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=30646bb2ceaa2bde;misc=1574115077704; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 945 B
1 KB 147ms
147ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=30646bb2ceaa2bde;misc=1574115077704;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 067346f115cd7ca6e726295756faf06837bd4d3670956bc8fde5de88254d79c4

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
527 B 455ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 7c160ca7d4f28388142c52b1f0a5c7205666f144d627b28d8d016f4652d6ba4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:18 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 14ms
13ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d47843b3763cb-FRA
access-control-allow-headers: origin, content-type

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 49ms
49ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=2675f94239b56bac&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 65ms
64ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=268fb5d9c5ba9be&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 49ms
49ms XHR
text/plain 3.124.23.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=269c6c37ac4152eb&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.23.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-124-23-215.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 173 B
357 B 47ms
47ms XHR
application/json 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=8e49af73-57d5-4f49-a1ac-95eb55e1bfc8&nocache=1574115077805&x_gdpr_f=1&pubcid=25fbf820-5b29-4409-b32c-845d985ae555&aus=300x250%2C300x600&divIds=bleepingcomputer_300x250_300x600_160x600_Right_3&auid=539181725&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: ff6abb540c39ef5eb8b00ca63f35ca42e6530a7661e69a2a69d11f77fda39299

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 173
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
316 B 98ms
98ms XHR
application/javascript 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574115077805&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&measurable=true&bids[0][bidId]=273c164133564b04&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_3&bids[0][sizes][0][width]=300&bids[0][sizes][0][height]=250&bids[0][sizes][1][width]=300&bids[0][sizes][1][height]=600&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash: aa7cc9f68114842993604a8f88c733994ae8f57103aacd2de264e12df76989ed

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
status: 200
x-powered-by: Express
etag: "971457207"
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 85ms
85ms XHR
text/plain 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 18 Nov 2019 22:11:17 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 194 B
384 B 44ms
44ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: 1ca4cdd0c409496f490fb5e6f0be0ff388441bc5b61733fdc90020bede79a019

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 194
expires: 0

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
40 B 44ms
44ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d47844a27c290-FRA
access-control-allow-headers: origin, content-type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
987 B 43ms
43ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

caadd9b00cc0b6de827cd76410f355c629dd3939dea61a32fa2424174fcadd5b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:19 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.88:80
AN-X-Request-Uuid: a2ec285e-5997-47b8-a3d9-2f2d5784795a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
813 B 66ms
66ms XHR
application/json 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%222832d2152b46ae1c%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222845d75da3e88471%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%22285c361f5666a8ba%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: db74f0de45654e720d714bbbe11ea2a154024025a573db51c88e75423e849500

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Mon, 18 Nov 2019 22:11:17 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 45ms
45ms XHR
application/json 37.252.173.62
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

3b1d709b84777ecb3220bb2319ecf9e53cbee468ed317e26235e52f2bd6600eb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:19 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.88:80
AN-X-Request-Uuid: 7571087b-bb94-41e8-9574-355f14f65355
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 204
No Content / Show response
hb.emxdgt.com/ 0
316 B 42ms
42ms XHR
text/html 18.196.104.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1200&ts=1574115077808&src=pbjs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-196-104-43.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 18 Nov 2019 22:11:17 GMT
Content-Type: text/html
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Access-Control-Allow-Headers: security, Content-Type
Content-Length: 0

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=3074e35e37bf9843;misc=1574115077808; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 945 B
1 KB 128ms
127ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=3074e35e37bf9843;misc=1574115077808;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 8a7128de2916aab2d1a11cc1543e3a809b0bdfc50c7bd04e07a02a8a139509e0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=308ebdcbc4a2c15b;misc=1574115077808; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 944 B
1 KB 124ms
124ms XHR
application/json 152.199.21.89
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=308ebdcbc4a2c15b;misc=1574115077808;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 26a5457adcda4f08c4d4ae048c6d98eb591d4585cbdc4627198a9c7a8e4042fa

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
1 KB 58ms
58ms XHR
application/json 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=8e49af73-57d5-4f49-a1ac-95eb55e1bfc8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.04116328776695344
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: e07b21f2fa417ebfece0e0ea9f1c6d30019318c60295e07a752d4108b59ba941

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:17 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=401
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
547 B 75ms
74ms XHR
application/json 35.156.132.43
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.132.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-156-132-43.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 204 imp Show response
g2.gumgum.com/hbid/ 0
234 B 44ms
43ms XHR
text/plain 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
server: nginx
status: 204
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 578 B
635 B 59ms
59ms XHR
application/json 52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F&ns=10240&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0e8005f95d32ffc636092619cc259b255d3d8f2858e1875af3a9f3c990678127

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:17 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
server: nginx
status: 200
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 v2 Show response
i.connectad.io/api/ 97 B
198 B 231ms
231ms XHR
application/json 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd134f6115401b7040484afc8eeae3de50734b8b3d7d0a768e163078bbf13400

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Nov 2019 22:11:18 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
alt-svc: clear
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 537d47845f09cbb8-VIE
content-type: application/json
via: 1.1 google

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 39 KB
10 KB 329ms
329ms XHR
text/plain 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

700570ce2869addd09be5f8c0379dfa112064697f7c8392b8ccc092d8e8340a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9914
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 17ms
17ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Nov 2019 22:11:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 537d4784bb7f63cb-FRA
access-control-allow-headers: origin, content-type

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 313 KB
43 KB 402ms
402ms XHR
text/plain 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

7f4b90aa7e5e33fca7f3608fae8e1cc56b96267b00af5580a17aa5c6d32c557f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 43457
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 39 KB
10 KB 600ms
599ms XHR
text/plain 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

662c98b525008613e5bd2e442a88cc0fe618faa387d62a57ac1837143d97dafd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 18 Nov 2019 22:11:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9898
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame CF82 243 KB
77 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26964
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame CF82 15 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31606
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6069
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "537ce8f1ba726417"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:32 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame CF82 151 KB
46 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26964
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame CF82 3 KB
2 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31601
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1593
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "69b72fb8329d9e71"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame CF82 44 KB
15 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31601
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15697
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5217ce22b5d5bd36"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF82 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81456
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CF82 295 B
364 B 10ms
10ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1077
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame CF82 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72ad30df69b19263573fe41ad51849efef8b7bcab097769f22fcc8c32d05e69c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 43316702555433715
tpc.googlesyndication.com/simgad/ Frame CF82 16 KB
17 KB 9ms
9ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/43316702555433715?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk7VVsWH6FKLrMpk_b8B8eeCiLdZA

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

046d1a7fbe0893b22065e17e620833b1c371176d0a88181211b93e380c6a217a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 15:37:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Sep 2018 18:18:47 GMT
server: sffe
age: 542006
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16827
x-xss-protection: 0
expires: Wed, 11 Nov 2020 15:37:52 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame CF82 0
0 13ms
13ms Image
text/html 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQP-OPkNrek57ZoEOCvuEYJ5XQncnw_vh6sVjbAxBU5HOqWx95WiRsNzQu8sL8MrEkDJH205pvDg9uYWsbqw2vKMuofKQ
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2

200

B21627202.229964885;dc_pre=CKbZydDj9OUCFciqdwodrf4A2A;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/ Frame CF82
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=...
https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CKbZydDj9OUCFciqdwodrf4A2A;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=...

42 B
109 B

26ms
25ms

Image
image/gif

216.58.205.230
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CKbZydDj9OUCFciqdwodrf4A2A;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.205.230 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s24-in-f230.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:18 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CKbZydDj9OUCFciqdwodrf4A2A;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3029394380;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CF82 0
0 17ms
17ms Image
text/html 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTrNzBRfTXd7gNtPtgAeF05uoDt6y-59a74P3gvgJsOeo5pAOEAEg2tfFOWCVAqAB7_WO2wPIAQLgAgCoAwHIAwiqBMgCT9AOjxReyYwhnwY4UPgIwMetm1uXJhQtWPz8iJdoiw-3x5Jie2upDcqLgqyumUAEFn6vv0zac8Ia_KrnYlcyewHhcT2u8E5cKPQxFILBYP4IrsocWCkXI3paUrJ2bR4g4UNJKTPAvQVK2hibo7ZyBbExwiautcS3pnedidOkBpLog81uC6CiC8BXYF2zx9bCROHx2QrlenJFcgeLvGLul_5L7YhBNCSOBkktno9EcL26XVLbKoPE_g11_Gak20vjPdrANFls2zUJYbuPdagaaV3buKCApfBlzfZgvVtFcERk8VrGZtWSblieIIKnWuP9_xtfHKAycJm3Js8LgRb6V0cAoHlJyLX9r2w2-0P6yWJx3gZqXgcm-9UDrnJ7cVQxOG8IFrpjWbSaEPw-KyasEo7duTW6c1uAmVS1g77hlgyy1F7GE2_B7sAEmL-vmKIC4AQBkgUECAQYAZIFBAgFGASgBgKAB562mymoB47OG6gH1ckbqAeT2BuoB7oGqAfZyxuoB8_MG6gHpr4bqAfs1RvYBwHyBwQQ-p4G0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMM&sigh=6eAaVQuhi5w&tpd=AGWhJmuh45wefxwjmapGsH_76bbM5gPP3ygt6k4JVpAwE8TIvw
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s16-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
527 B 155ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 27a2918c9141eb5922a24fa8ffcb72148ad07384e60d89c21836ec06d268d8cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:18 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame 9611 243 KB
77 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26964
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 9611 15 KB
6 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31606
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6069
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "537ce8f1ba726417"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:32 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 9611 151 KB
46 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26964
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-animation-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 9611 103 KB
33 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-animation-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

501c2a247fd3022c91782237c66b026f9e2fe4f7c1814a20aa41be6c726dc7de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 119032
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33748
x-xss-protection: 0
server: sffe
date: Sun, 17 Nov 2019 13:07:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e43e48b5ee38b73"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 16 Nov 2020 13:07:26 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 9611 3 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31601
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1593
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "69b72fb8329d9e71"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 9611 44 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31601
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15697
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5217ce22b5d5bd36"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9611 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81456
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9611 295 B
363 B 7ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1077
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
H2 200 joyn_original.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 3 KB
1 KB 7ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/joyn_original.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

73152c9cc11518537a165e978d4d673f91a4adbc9986ba43bfd242e0cda256bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 28 Oct 2019 23:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1807886
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1141
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Oct 2020 23:59:52 GMT

GET
H2 200 claim.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 5 KB
2 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/claim.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1c10db3869382887d65e71d069b828cbc84b64e3fcaada6059f54fdb3e9bb276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1782
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 typo_1_1.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 2 KB
1 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_1_1.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f50eabd97fb492f21a51037a9f849342f1ba50d2b921309b629af9497505b060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 08 Nov 2019 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 880297
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1147
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Nov 2020 17:39:41 GMT

GET
H2 200 typo_1_2.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 3 KB
1 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_1_2.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

31829d1ddfdecf791b307238bdd73f0c81e0edab4bd4f4dda7006ae86bfad56d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1394
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 typo_3.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 7 KB
2 KB 10ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/typo_3.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8db7d892ee82b48f8d4f1d41fa2a59d7576228f43d44d977214f5b645da256ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 17:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1660275
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2388
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 17:00:03 GMT

GET
H2 200 logo_film.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 3 KB
1 KB 8ms
5ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

04b06ed003002b4540614055f36c95c605e4948b6f5ae9016aaac8e5305ba2d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 984
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 logo_film_2.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 3 KB
959 B 11ms
9ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film_2.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

39b003a303e3e9d9677ce4496b82ccfecc80db1faba06ecccf3cf1c1a093665e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 28 Oct 2019 23:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1807886
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 887
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Oct 2020 23:59:52 GMT

GET
H2 200 logo_film_bg.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 473 B
354 B 10ms
8ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/logo_film_bg.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

19c5d43518e8160c63eaee26cd8718adf32688e8d76964245d0cfaf96161460e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 282
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 joyn_logoanimation.png
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 43 KB
43 KB 10ms
8ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/joyn_logoanimation.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c479996a573615b065b1930235cd00ebc9612657280168e816fc454595db355d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 17:00:03 GMT
x-content-type-options: nosniff
age: 1660275
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 44015
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 17:00:03 GMT

GET
H2 200 button.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 153 B
200 B 10ms
7ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/button.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3888ef674e777f2660e782fb11930c2199c3fae1b943c12387f8be82b13f5250

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 128
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 button_typo.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 5 KB
2 KB 7ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/button_typo.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4d6068b072c4497e45113ef79e15f788ec5e1f4c974bd31abf7033a607df4350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 22:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1639243
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1634
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 22:50:35 GMT

GET
H2 200 verdeck_unten.svg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 404 B
325 B 6ms
6ms Image
image/svg+xml 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/verdeck_unten.svg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d14c2b3f1a5645e2d27ab220e61b087fcc40bea6695e27c4195998fdd4e10401

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 253
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
H2 200 motiv.jpg
tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/ Frame 9611 54 KB
54 KB 6ms
5ms Image
image/jpeg 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/17213299597598425392/300x600_frau_jordan_v2/motiv.jpg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9012e2ff7f1c5deb2f6247a58a356162204f5a264b850f8b930c78c84652f6a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 17:00:05 GMT
x-content-type-options: nosniff
age: 537073
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55624
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 07:34:37 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 17:00:05 GMT

GET
DATA 200
OK truncated
/ Frame 9611 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f19542bdee56aeb7ca9788ec659231e8bb87af996be6a4cb6d6e72a9a7563f15

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9611 0
0 13ms
10ms Image
text/html 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRWeE4tK3WKMdt-mZ4Pnwbd8NSH9il1UxMZIy_sKjzGSXjgP42x33RJv_BFO1zAd-pUiwf1RsYVDXiMvRJIe4n28Qp2Zg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9611 0
0 22ms
15ms Image
text/html 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cp9YiBhfTXe_UCtn0gAeQwq3ACKbjgphazaudoKEK7KnjiOQXEAEgx4P8AWCVAqAB56eY3wLIAQmpAphKtG73lrI-4AIAqAMByAMIqgTIAk_QS3R_f9_HZlIWgs2Qnw-3swznq8rYvsRSmNHSQ5jYZaPmqtNIb4IInR-HV-kDKshMQ289mx1V6uBft3MA0egphTkVikB7Y4N4I2WiofeTbGgMr7piX_1hOh4wa7DsmvwYCn7A9CUPrN6HHge9YSPJ6W1LTOF8lRau_kEbZUD_0bk8fJjQ4iZAfKAPm6qbE-5kssTlaz_SqBILT8w65LZlyR_hIoVedpkzKu8ZcOSFWswIUsaP0iLFJTXLAdE4AD0PCf-ANwk_sMahcc55JrbSrT1qvS9C2ZI4P3rCbVFZGdbHB-XirCzeS-VZhLg4QnQqui-hj_ja9vl63Brd4yBn-vG8bsOGUoZQpUQlruuXilzqzv-xkzkjS5-TYZil6H7yd5U71uKutZscFlU68jG4BMxlXmxx3qXlAR0xe9NePgxjntF_NijABKCF0_yiAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeB2OegAagHjs4bqAfVyRuoB5PYG6gHugaoB9nLG6gHz8wbqAemvhuoB-zVG9gHAPIHBBDAsDPSCAkIgOGAEBABGB2ACgHYEwyYFgE&sigh=WiiXRdSZU-8&template_id=419&tpd=AGWhJmteH17bwUB009PTKPBSCh6W-X3-PlcBUChoYt3MxRqTiQ
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s16-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame 5D23 243 KB
77 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26964
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 5D23 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31606
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6069
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "537ce8f1ba726417"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:32 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 5D23 151 KB
46 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 26964
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 14:41:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 14:41:54 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 5D23 3 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31601
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1593
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "69b72fb8329d9e71"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 5D23 44 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:825::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 31601
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15697
x-xss-protection: 0
server: sffe
date: Mon, 18 Nov 2019 13:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5217ce22b5d5bd36"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Nov 2020 13:24:37 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5D23 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Sun, 17 Nov 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 81456
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Mon, 18 Nov 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5D23 295 B
366 B 7ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1077
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Tue, 19 Nov 2019 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame 5D23 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25c19aa38580967f8f17f6b18451d344e6b4fd36531346a93a9779a3ba81e9a1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 3280871688421890375
tpc.googlesyndication.com/simgad/ Frame 5D23 16 KB
16 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3280871688421890375?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkD0XARolEX_DSMSs_HDFGlx7tZtg

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c505b30e6a98a09df7fc6b020570d4735cbe96224de50e116fe8981489cb9844

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 15:28:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Sep 2018 18:18:43 GMT
server: sffe
age: 542576
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16643
x-xss-protection: 0
expires: Wed, 11 Nov 2020 15:28:22 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5D23 0
0 13ms
13ms Image
text/html 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTwV4c-j0EGSdbtgYXcEcC_LILBa0NTThkULSzlVILAztQi5aQSwazPuOh722PyiukoEkxHJfM3PZyjzBO5SpbGUb8KKA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2

200

B21627202.229964885;dc_pre=CP6R5tDj9OUCFYoHiwodqHQBtw;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/ Frame 5D23
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=...
https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CP6R5tDj9OUCFYoHiwodqHQBtw;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=...

42 B
109 B

29ms
29ms

Image
image/gif

216.58.205.230
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CP6R5tDj9OUCFYoHiwodqHQBtw;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.205.230 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s24-in-f230.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:18 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N790339.3288108GOOGLE-ADWORDS/B21627202.229964885;dc_pre=CP6R5tDj9OUCFYoHiwodqHQBtw;dc_trk_aid=427971881;dc_trk_cid=103966985;ord=3333217504;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5D23 0
0 17ms
17ms Image
text/html 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHQALBhfTXay6GNHB7gPm-qGgDt6y-59a24npvqIJsOeo5pAOEAEg2tfFOWCVAqAB7_WO2wPIAQLgAgCoAwHIAwiqBM0CT9D24VPrzs_sURaz_Wc_0OXidrcce6fe8q4Dr6hj8LxWn3amLQIXdNqBG135G99pCkYMmrLSlIwNJuTxpDg425AVgf_Kuhv4T1CKMnxvl1MhkSKaC0ciyLd7sqS6gUy1rDKgM-Gy-bZH_Iwtp30EbzZYYX_Emv_kaf95jZRCCoU5MVc5ArO1HEN_PGRmHFi5bzMA7c1oR8gCS23wudn3n1_iChF0kkBJ0LwTh9KlC1ujcunWp9uHfy7TC4t-DogPzCg14kF41Uh8gRnn25oqAYhe_HGUsUV3iPueHX80hT2DrhNG2wkRarX5-JEnSoNPwp0Dv1WA5DFJG9jSZvNEhrWbU3CwjUIoa3luItNKKgcPl4vXDG5JIuXOtowves4-aArUgzafalgjCjzCf5sxH0_QDAFCKYJ2pkqL6md0R0dHdIqFrtpxVM269M1LwASYv6-YogLgBAGSBQQIBBgBkgUECAUYBKAGAoAHnrabKagHjs4bqAfVyRuoB5PYG6gHugaoB9nLG6gHz8wbqAemvhuoB-zVG9gHAfIHBBC3uQ_SCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEww&sigh=-RoTeRWWkbs&tpd=AGWhJmv2kx3rrUImfIelFc5u3v9LUyJ6CFl2T5nNL9x-aJdnLA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s16-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 111ms
111ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 27a2918c9141eb5922a24fa8ffcb72148ad07384e60d89c21836ec06d268d8cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:18 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DA4B 42 B
122 B 35ms
34ms Image
image/gif 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssjuzoOtS96uPE9KNjh-2INujOVQrbK38JHXGBWgAC2TFuc3Jkr1qxiRPb0AlDKw2md9a_ca1HpfPtaww2i00IfUgNq3EOAJ-EEx74tXBmylA1keDy4VSLJLECmnQ&sai=AMfl-YQKiu6-zYdLLJriMbtdAikk85cb-OopSmOYfqMHVNybYEbutwrecDzRK9LEPOZplHDiG-uQfbodMk0T37KXLsyxG7NtAa6THXCr2yc6O0pd7wg4n-JiUIdSrBw&sig=Cg0ArKJSzK7hyI78aZ3nEAE&cid=CAASF-Ror0O98XBnbS5CWu-n4OxML1XPbe-W&id=ampim&o=315,146&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1050&mtos=0,0,0,1050,1050&tos=0,0,0,1050,0&tfs=229&tls=1279&g=100&h=100&pt=557&tt=1279&rpt=557&rst=1574115077234&r=v&adk=960084856&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:18 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DAD9 42 B
122 B 49ms
49ms Image
image/gif 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstBS2Owt7J4F7nL5zytPv0tcHi3rF4t-OaMqXsKojZFQ3SUtX4W27BmsM8qWdDU4V34kPZ_nAPOIqfkoeB23di34VlVInS87ht8oe40YDw2IoWEgMpF6tN3TFOc57ilwD4wVWkqlcyAVB73lW5P8pFV&sai=AMfl-YSDj0bc8FlgPGpadWbfJmqUpVEDoXkq7rvhzNKf8sUOMkVgpkvCNiB3v2XUIlV1S2jFrr0HBePKXdEyo4bDMZbXqaQ_ZKu_ywjKRNY1SI68BRANu96V5uJg3EI&sig=Cg0ArKJSzJEJJJVF4oT_EAE&cid=CAASF-RoF41V4uZmPwJK2ki88ur3hgc5Ntl3&id=ampim&o=1082,487&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=288&tls=1289&g=100&h=100&pt=284&tt=1289&rpt=284&rst=1574115077279&r=v&adk=771041174&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:18 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 111ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 27a2918c9141eb5922a24fa8ffcb72148ad07384e60d89c21836ec06d268d8cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Mon, 18 Nov 2019 22:11:19 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame E8AF 0
0 113ms
112ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
set-cookie: __cfduid=d82eae76009d1f41fb445e5f1119e83131574115082; expires=Tue, 17-Nov-20 22:11:22 GMT; path=/; domain=.districtm.io; HttpOnly
cf-cache-status: DYNAMIC
cache-control: s-maxage=1209600, max-age=14400
cf-ray: 537d47a46b3463cb-FRA
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame 47EF 0
0 23ms
10ms Document
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=66184
Expires: Tue, 19 Nov 2019 16:34:26 GMT
Date: Mon, 18 Nov 2019 22:11:22 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

pd
eu-u.openx.net/w/1.0/ Frame 7F9F
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

0
0

79ms
78ms

Document
text/html

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
vary: Accept
set-cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; Version=1; Expires=Tue, 17-Nov-2020 22:11:22 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574115082|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 03-Dec-2019 22:11:22 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 18 Nov 2019 22:11:22 GMT
content-type: text/html
content-length: 862
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=f7d89863-e7a3-0a07-1c59-bfcc4af1a4fb|1574115082; Version=1; Expires=Tue, 17-Nov-2020 22:11:22 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date: Mon, 18 Nov 2019 22:11:22 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 8D09 0
0 21ms
6ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:22 GMT
Age: 9030568
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4082-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 6884936
X-Timer: S1574115083.967933,VS0,VE0
Vary: Accept-Encoding

GET
H2

200

pd
eu-u.openx.net/w/1.0/ Frame 7701
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

0
0

20ms
15ms

Document
text/html

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
vary: Accept
set-cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; Version=1; Expires=Tue, 17-Nov-2020 22:11:23 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574115083|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 03-Dec-2019 22:11:23 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
content-length: 862
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; Version=1; Expires=Tue, 17-Nov-2020 22:11:22 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date: Mon, 18 Nov 2019 22:11:22 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

200

sync
eb2.3lift.com/ Frame B18E
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

9ms
6ms

Document
text/html

18.194.62.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.62.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-62-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: sync=CgoI4gEQwYrIhOgtCgoI5gEQwYrIhOgtCgkICRDBisiE6C0KCgipARDBisiE6C0KCQg5EMGKyIToLQoJCDoQwYrIhOgtCgkICxDBisiE6C0KCgjOARDBisiE6C0KCgiOARDBisiE6C0KCQgfEMGKyIToLQ==; tluid=14937303761896230915
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 459
set-cookie: sync=CgoIoQEQjovIhOgtCgoI4gEQwYrIhOgtCgoI4wEQjovIhOgtCgoI5gEQwYrIhOgtCgkICRDBisiE6C0KCgipARDBisiE6C0KCQgLEMGKyIToLQoKCM4BEMGKyIToLQoKCI4BEMGKyIToLQoJCHMQjovIhOgtCgoI1gEQjovIhOgtCgkIORDBisiE6C0KCQg6EMGKyIToLQoJCBsQjovIhOgtCgoIvQEQjovIhOgtCgoI3gEQjovIhOgtCgkIHxDBisiE6C0KCQhfEI6LyIToLQoKCP8BEI6LyIToLQoJCD8QjovIhOgt; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/sync; Domain=.3lift.com tluid=14937303761896230915; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Mon, 18 Nov 2019 22:11:23 GMT
content-length: 0
set-cookie: tluid=14937303761896230915; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/; Domain=.3lift.com
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame 180A 0
0 21ms
8ms Document
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=66184
Expires: Tue, 19 Nov 2019 16:34:26 GMT
Date: Mon, 18 Nov 2019 22:11:22 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame D342 0
0 21ms
6ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:22 GMT
Age: 9030567
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4028-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 2088512
X-Timer: S1574115083.972688,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 18B1 0
0 104ms
104ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
set-cookie: __cfduid=d82eae76009d1f41fb445e5f1119e83131574115082; expires=Tue, 17-Nov-20 22:11:22 GMT; path=/; domain=.districtm.io; HttpOnly
cf-cache-status: DYNAMIC
cache-control: s-maxage=1209600, max-age=14400
cf-ray: 537d47a47b5363cb-FRA
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK Cookie set check.html
biddr.brealtime.com/ Frame C548 0
0 87ms
68ms Document
text/html 104.17.120.107
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Host: biddr.brealtime.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Date: Mon, 18 Nov 2019 22:11:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d2f4eff631eef3dc86734c31c6e75a68c1574115082; expires=Tue, 17-Nov-20 22:11:22 GMT; path=/; domain=.brealtime.com; HttpOnly
x-amz-id-2: KO38c3CgmmyS60RL80WJwLfZcz0XdOEnFiHev73mc9f6nE6Vv6ib6jclMwbB1edJfll1cPV1NoY=
x-amz-request-id: 519C6C4FFA4D8084
x-amz-meta-origin-date-iso8601: 2019-05-30T19:14:20.000Z
Last-Modified: Thu, 30 May 2019 19:21:30 GMT
CF-Cache-Status: HIT
Age: 3485
Expires: Mon, 18 Nov 2019 22:12:22 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 537d47a4a935dfd3-FRA
Content-Encoding: gzip

GET
H2 200 iframe
mantodea.mantisadnetwork.com/prebid/ Frame B9D1 0
0 89ms
89ms Document
text/html 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115077869&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=-60&buster=1574115077869&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 332
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: "-816291178"

GET
H2 200 iframe
mantodea.mantisadnetwork.com/prebid/ Frame 21F5 0
0 89ms
89ms Document
text/html 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115077904&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=-60&buster=1574115077904&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 332
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: "-816291178"

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 2C2D 0
0 77ms
63ms Document
text/html 23.37.55.184
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 14 Nov 2019 18:59:50 GMT
Content-Encoding: gzip
Content-Length: 7458
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=70705
Expires: Tue, 19 Nov 2019 17:49:47 GMT
Date: Mon, 18 Nov 2019 22:11:22 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame E376 0
0 5ms
5ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:22 GMT
Age: 9030567
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4028-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 2088513
X-Timer: S1574115083.983651,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 92B6 0
0 180ms
180ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
set-cookie: __cfduid=d82eae76009d1f41fb445e5f1119e83131574115082; expires=Tue, 17-Nov-20 22:11:22 GMT; path=/; domain=.districtm.io; HttpOnly
cf-cache-status: DYNAMIC
cache-control: s-maxage=1209600, max-age=14400
cf-ray: 537d47a4ab7463cb-FRA
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK Cookie set check.html
biddr.brealtime.com/ Frame A68E 0
0 81ms
10ms Document
text/html 104.17.120.107
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Host: biddr.brealtime.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Date: Mon, 18 Nov 2019 22:11:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dc6ac68c2f921b35a231355713a5048471574115083; expires=Tue, 17-Nov-20 22:11:23 GMT; path=/; domain=.brealtime.com; HttpOnly
x-amz-id-2: KO38c3CgmmyS60RL80WJwLfZcz0XdOEnFiHev73mc9f6nE6Vv6ib6jclMwbB1edJfll1cPV1NoY=
x-amz-request-id: 519C6C4FFA4D8084
x-amz-meta-origin-date-iso8601: 2019-05-30T19:14:20.000Z
Last-Modified: Thu, 30 May 2019 19:21:30 GMT
CF-Cache-Status: HIT
Age: 3486
Expires: Mon, 18 Nov 2019 22:12:23 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 537d47a51a2fdfd3-FRA
Content-Encoding: gzip

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame E592 0
0 65ms
63ms Document
text/html 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d34bdc38589476ec682ac29e98f5668981574115082; expires=Tue, 17-Nov-20 22:11:22 GMT; path=/; domain=.connectad.io; HttpOnly
cache-control: max-age=28800
cf-cache-status: HIT
age: 6379
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 537d47a4b81acbb8-VIE
content-encoding: gzip

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame ACEC 0
0 65ms
64ms Document
text/html 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d34bdc38589476ec682ac29e98f5668981574115082; expires=Tue, 17-Nov-20 22:11:22 GMT; path=/; domain=.connectad.io; HttpOnly
cache-control: max-age=28800
cf-cache-status: HIT
age: 6379
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 537d47a4b81ccbb8-VIE
content-encoding: gzip

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 9205 0
0 22ms
21ms Document
text/html 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; pd=v2|1574115082|mOsLgqgikin0fcmWiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
vary: Accept
set-cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; Version=1; Expires=Tue, 17-Nov-2020 22:11:23 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574115082.1|kimWfcgqiysLmOgun0gi.rsvmsHqGmunIomgensoa; Version=1; Expires=Tue, 03-Dec-2019 22:11:23 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
content-length: 825
via: 1.1 google
alt-svc: clear

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame 8D0D 0
0 101ms
100ms Document
text/html 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d34bdc38589476ec682ac29e98f5668981574115082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=28800
cf-cache-status: HIT
age: 6379
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 537d47a5290ecbb8-VIE
content-encoding: gzip

GET
H2

200

sync
eb2.3lift.com/ Frame 0AD1
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?

0
0

80ms
66ms

Document
text/html

18.194.62.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.62.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-62-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: tluid=14937303761896230915
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 516
set-cookie: sync=CgoI4gEQwYrIhOgtCgoI5gEQwYrIhOgtCgkICRDBisiE6C0KCgipARDBisiE6C0KCQg5EMGKyIToLQoJCDoQwYrIhOgtCgkICxDBisiE6C0KCgjOARDBisiE6C0KCgiOARDBisiE6C0KCQgfEMGKyIToLQ==; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/sync; Domain=.3lift.com tluid=14937303761896230915; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=900
Date: Mon, 18 Nov 2019 22:09:14 GMT
Last-Modified: Mon, 18 Nov 2019 22:09:14 GMT
Location: https://eb2.3lift.com/sync?
X-Rev: c4752e7
X-Served-By: impression-bus5.us_east.prod
X-Cache: Hit from cloudfront
Via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: TsKT7t2HZIZDbiShCrDjlLDYUi7U8u-hFSYQssipKNRUZm60aKY-ng==
Age: 128

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame D822 0
0 19ms
6ms Document
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Cookie: KTPCACOOKIE=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=66183
Expires: Tue, 19 Nov 2019 16:34:26 GMT
Date: Mon, 18 Nov 2019 22:11:23 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

usersync
rtb.gumgum.com/ Frame 0E6F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_cm&google_sc&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_cm=&google_sc=&google_dbm=&google_tc=
https://rtb.gumgum.com/usersync?b=gdv&i=CAESEPqHSTEoLkklTHfZHMTPiMA&google_cver=1

0
0

95ms
91ms

Document
image/gif

52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=gdv&i=CAESEPqHSTEoLkklTHfZHMTPiMA&google_cver=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=gdv&i=CAESEPqHSTEoLkklTHfZHMTPiMA&google_cver=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rtb.gumgum.com/usersync?b=gdv&i=CAESEPqHSTEoLkklTHfZHMTPiMA&google_cver=1
date: Mon, 18 Nov 2019 22:11:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 286
x-xss-protection: 0
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 49B4 0
0 90ms
80ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:23 GMT
Age: 9030567
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4054-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 2055533
X-Timer: S1574115083.082980,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 7511 0
0 281ms
74ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:23 GMT
Age: 9030567
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4037-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 8533629
X-Timer: S1574115083.280256,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 iframe
mantodea.mantisadnetwork.com/prebid/ Frame 443B 0
0 112ms
109ms Document
text/html 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115076554&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=-60&buster=1574115076554&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 332
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: "-816291178"

GET
H/1.1 200
OK check.html
biddr.brealtime.com/ Frame 0874 0
0 279ms
77ms Document
text/html 104.17.120.107
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Host: biddr.brealtime.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Cookie: __cfduid=dc6ac68c2f921b35a231355713a5048471574115083
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Date: Mon, 18 Nov 2019 22:11:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: KO38c3CgmmyS60RL80WJwLfZcz0XdOEnFiHev73mc9f6nE6Vv6ib6jclMwbB1edJfll1cPV1NoY=
x-amz-request-id: 519C6C4FFA4D8084
x-amz-meta-origin-date-iso8601: 2019-05-30T19:14:20.000Z
Last-Modified: Thu, 30 May 2019 19:21:30 GMT
CF-Cache-Status: HIT
Age: 3486
Expires: Mon, 18 Nov 2019 22:12:23 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 537d47a67adadfcf-FRA
Content-Encoding: gzip

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame EB78 0
0 78ms
78ms Document
text/html 2606:4700:10::6814:9274
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:9274 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d34bdc38589476ec682ac29e98f5668981574115082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=28800
cf-cache-status: HIT
age: 6379
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 537d47a5496dcbb8-VIE
content-encoding: gzip

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 71DB 0
0 86ms
0ms Document
text/html 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; pd=v2|1574115082.1|kimWfcgqiysLmOgun0gi.rsvmsHqGmunIomgensoa
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
vary: Accept
set-cookie: i=3c7179af-c96f-0b92-035c-56496a11e4a9|1574115082; Version=1; Expires=Tue, 17-Nov-2020 22:11:23 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574115082.1|kimWfcgqiysLmOgun0gi.rsj8gmjotuvmsHtlqGvtmufQnIiSomgesflEnsoa; Version=1; Expires=Tue, 03-Dec-2019 22:11:23 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
content-length: 881
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame C1F6 0
0 196ms
6ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:23 GMT
Age: 9030568
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4082-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 6884937
X-Timer: S1574115083.364085,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame DB20 0
0 288ms
99ms Document
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Cookie: KTPCACOOKIE=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=66183
Expires: Tue, 19 Nov 2019 16:34:26 GMT
Date: Mon, 18 Nov 2019 22:11:23 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

sync
eb2.3lift.com/ Frame D938
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?

0
0

86ms
83ms

Document
text/html

18.194.62.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.62.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-62-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: sync=CgoIoQEQjovIhOgtCgoI4gEQwYrIhOgtCgoI4wEQjovIhOgtCgoI5gEQwYrIhOgtCgkICRDBisiE6C0KCgipARDBisiE6C0KCQgLEMGKyIToLQoKCM4BEMGKyIToLQoKCI4BEMGKyIToLQoJCHMQjovIhOgtCgoI1gEQjovIhOgtCgkIORDBisiE6C0KCQg6EMGKyIToLQoJCBsQjovIhOgtCgoIvQEQjovIhOgtCgoI3gEQjovIhOgtCgkIHxDBisiE6C0KCQhfEI6LyIToLQoKCP8BEI6LyIToLQoJCD8QjovIhOgt; tluid=14937303761896230915
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 554
set-cookie: sync=CgoIwgEQmYvIhOgtCgkICRDBisiE6C0KCQgLEMGKyIToLQoKCM4BEMGKyIToLQoKCI4BEMGKyIToLQoJCA4QmYvIhOgtCgkIFBCZi8iE6C0KCgjWARCOi8iE6C0KCgiaARCZi8iE6C0KCQgaEJmLyIToLQoJCBsQjovIhOgtCgoI3gEQjovIhOgtCgkIHxDBisiE6C0KCQhfEI6LyIToLQoKCN8BEJmLyIToLQoKCKEBEI6LyIToLQoKCOIBEMGKyIToLQoKCOMBEI6LyIToLQoKCOYBEMGKyIToLQoKCKkBEMGKyIToLQoJCHMQjovIhOgtCgoI9wEQmYvIhOgtCgkIORDBisiE6C0KCQg6EMGKyIToLQoKCPsBEJmLyIToLQoKCPwBEJmLyIToLQoKCL0BEI6LyIToLQoKCP4BEJmLyIToLQoKCP8BEI6LyIToLQoJCD8QjovIhOgt; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/sync; Domain=.3lift.com tluid=14937303761896230915; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=900
Date: Mon, 18 Nov 2019 22:09:14 GMT
Last-Modified: Mon, 18 Nov 2019 22:09:14 GMT
Location: https://eb2.3lift.com/sync?
X-Rev: c4752e7
X-Served-By: impression-bus5.us_east.prod
X-Cache: Hit from cloudfront
Via: 1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: XNeDhj8c-EMhVxtybmvmYhm55QKgOkqjXZrDlXSMGnxMw2dDXP3hIg==
Age: 128

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 6C7D 0
0 114ms
7ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:23 GMT
Age: 9030568
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4054-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 2055536
X-Timer: S1574115083.364616,VS0,VE0
Vary: Accept-Encoding

GET
H2

200

usersync
rtb.gumgum.com/ Frame 49A3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=1668e2b6-968a-469a-9ca3-41fc372a426b&t=1576707083

0
0

296ms
81ms

Document
image/gif

52.48.197.20
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=1668e2b6-968a-469a-9ca3-41fc372a426b&t=1576707083
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.197.20 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-48-197-20.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=ttd&i=1668e2b6-968a-469a-9ca3-41fc372a426b&t=1576707083
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:24 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

status: 302
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=1668e2b6-968a-469a-9ca3-41fc372a426b&t=1576707083
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=1668e2b6-968a-469a-9ca3-41fc372a426b; domain=.adsrvr.org; expires=Wed, 18-Nov-2020 22:11:23 GMT; path=/; SameSite=None TDCPM=CAEYBSABKAIyCwjU--ap35_2NxAFOAE.; domain=.adsrvr.org; expires=Wed, 18-Nov-2020 22:11:23 GMT; path=/; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 5A97 0
0 191ms
79ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Mon, 18 Nov 2019 22:11:23 GMT
Age: 9030567
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4053-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 5523696
X-Timer: S1574115083.374870,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 iframe
mantodea.mantisadnetwork.com/prebid/ Frame 4AD4 0
0 211ms
0ms Document
text/html 52.72.165.42
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574115077397&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-72-165-42.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=-60&buster=1574115077397&secure=true&version=9&mobile=false&uuid=82cdf557-f096-487b-a3c7-fc06a392190b&title=New%20NextCry%20Ransomware%20Encrypts%20Data%20on%20NextCloud%20Linux%20Servers&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 332
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: "-816291178"

GET
H2

200

sync
eb2.3lift.com/ Frame 7846
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?

0
0

86ms
82ms

Document
text/html

18.194.62.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.62.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-62-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: sync=CgoIoQEQjovIhOgtCgoI4gEQwYrIhOgtCgoI4wEQjovIhOgtCgoI5gEQwYrIhOgtCgkICRDBisiE6C0KCgipARDBisiE6C0KCQgLEMGKyIToLQoKCM4BEMGKyIToLQoKCI4BEMGKyIToLQoJCHMQjovIhOgtCgoI1gEQjovIhOgtCgkIORDBisiE6C0KCQg6EMGKyIToLQoJCBsQjovIhOgtCgoIvQEQjovIhOgtCgoI3gEQjovIhOgtCgkIHxDBisiE6C0KCQhfEI6LyIToLQoKCP8BEI6LyIToLQoJCD8QjovIhOgt; tluid=14937303761896230915
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html; charset=utf-8
content-length: 554
set-cookie: sync=CgoIwgEQmIvIhOgtCgkICRDBisiE6C0KCQgLEMGKyIToLQoKCM4BEMGKyIToLQoKCI4BEMGKyIToLQoJCA4QmIvIhOgtCgkIFBCYi8iE6C0KCgjWARCOi8iE6C0KCgiaARCYi8iE6C0KCQgaEJiLyIToLQoJCBsQjovIhOgtCgoI3gEQjovIhOgtCgkIHxDBisiE6C0KCQhfEI6LyIToLQoKCN8BEJiLyIToLQoKCKEBEI6LyIToLQoKCOIBEMGKyIToLQoKCOMBEI6LyIToLQoKCOYBEMGKyIToLQoKCKkBEMGKyIToLQoJCHMQjovIhOgtCgoI9wEQmIvIhOgtCgkIORDBisiE6C0KCQg6EMGKyIToLQoKCPsBEJiLyIToLQoKCPwBEJiLyIToLQoKCL0BEI6LyIToLQoKCP4BEJiLyIToLQoKCP8BEI6LyIToLQoJCD8QjovIhOgt; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/sync; Domain=.3lift.com tluid=14937303761896230915; Max-Age=7776000; Expires=Sun, 16 Feb 2020 22:11:23 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=900
Date: Mon, 18 Nov 2019 22:09:14 GMT
Last-Modified: Mon, 18 Nov 2019 22:09:14 GMT
Location: https://eb2.3lift.com/sync?
X-Rev: c4752e7
X-Served-By: impression-bus5.us_east.prod
X-Cache: Hit from cloudfront
Via: 1.1 aab8eb1f7b95159cdf1cf139d0bbc33c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: ltCpQQ8SWFcFCNpwADIAw0LOQ9WA87mV7GMml0dlIcLkbuCI0rJMgA==
Age: 128

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 8E7C 0
0 298ms
100ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d82eae76009d1f41fb445e5f1119e83131574115082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Response headers

status: 200
date: Mon, 18 Nov 2019 22:11:23 GMT
content-type: text/html
cf-cache-status: DYNAMIC
cache-control: s-maxage=1209600, max-age=14400
cf-ray: 537d47a83db663cb-FRA
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2 204 sync
pixel.advertising.com/ups/56465/ 0
124 B 397ms
0ms Image
text/plain 52.28.46.116
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.28.46.116 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-28-46-116.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 204
date: Mon, 18 Nov 2019 22:11:23 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

usersync
rtb.gumgum.com/
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT

35 B
237 B

74ms
69ms

Image
image/gif

52.213.17.13
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.17.13 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-213-17-13.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:23 GMT
server: nginx
p3p: CP="This is not a P3P policy"
content-type: image/gif;charset=UTF-8
status: 200
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:23 GMT
Server: nginx
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

204

sync
pixel.advertising.com/ups/55965/
Redirect Chain

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=UHbgN1QltGZIKrwzACOpMAEl4TJIcbZgXHPRo_lS

0
124 B

73ms
67ms

Image
text/plain

52.28.46.116
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=UHbgN1QltGZIKrwzACOpMAEl4TJIcbZgXHPRo_lS

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.28.46.116 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-28-46-116.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 204
date: Mon, 18 Nov 2019 22:11:23 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 22:11:23 GMT
Server: QS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=UHbgN1QltGZIKrwzACOpMAEl4TJIcbZgXHPRo_lS
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
264 B 95ms
92ms Image
image/gif 54.229.35.82
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.35.82 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-229-35-82.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:23 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 200
cache-control: private,no-cache, must-revalidate
content-type: image/gif
content-length: 70

GET
H2 204 current
aol-match.dotomi.com/match/bounce/ 0
104 B 498ms
12ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1A572e9846-0a50-11ea-a7d7-12e7f4d03460&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 18 Nov 2019 22:11:23 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

usersync
rtb.gumgum.com/
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_405608e2-274d-401f-8e20-68e4cd507c78&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_405608e2-274d-401f-8e20-68e4cd507c78&gdpr=0&gdpr_consent=
https://tag.clrstm.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=26&expires=6&user_id=&user_group=0&ssp=gumgum2
https://x.bidswitch.net/ul_cb/sync?dsp_id=26&expires=6&user_id=&user_group=0&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=1e45ec3a-c4ec-4320-9fd8-372bbdb7b245

35 B
237 B

86ms
74ms

Image
image/gif

52.48.197.20
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=1e45ec3a-c4ec-4320-9fd8-372bbdb7b245
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.197.20 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-48-197-20.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 22:11:24 GMT
server: nginx
p3p: CP="This is not a P3P policy"
content-type: image/gif;charset=UTF-8
status: 200
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

status: 302
date: Mon, 18 Nov 2019 22:11:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //rtb.gumgum.com/usersync?b=bsw&i=1e45ec3a-c4ec-4320-9fd8-372bbdb7b245
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJjU-cNoS5Ekq-m9u7zbte0&google_cver=1

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 05:15:15	Name: test_cookie Value: CheckForPermission
.bleepingcomputer.com/	1970-01-19 05:58:27	Name: __beaconTrackerID Value: a7mnu91j5
www.bleepingcomputer.com/	1970-01-19 05:58:27	Name: _fsloc Value: ?i=DE&c=
www.bleepingcomputer.com/	1970-01-26 12:27:15	Name: _fsuid Value: 79de346c-3f91-40d0-a727-17ea88ec1f6d
www.bleepingcomputer.com/	1969-12-31 23:59:59	Name: _cmpQcif3pcsupported Value: 1
www.bleepingcomputer.com/	1970-01-19 05:15:16	Name: fssts Value: false
.bleepingcomputer.com/	1970-01-19 05:16:41	Name: _gid Value: GA1.2.618912159.1574115075
www.bleepingcomputer.com/	1970-01-19 05:15:16	Name: _fssid Value: 52d00d4a-cc75-4bda-b554-f802662b2739
www.bleepingcomputer.com/	1970-01-19 05:15:16	Name: __atuvs Value: 5dd31702a3cbadf4000
.bleepingcomputer.com/	1970-01-19 22:46:27	Name: _ga Value: GA1.2.820536483.1574115075
www.bleepingcomputer.com/	1970-01-19 05:58:27	Name: lav Value: 7222
.bleepingcomputer.com/	1970-01-19 05:15:15	Name: _gat_gtag_UA_91740_1 Value: 1
.bleepingcomputer.com/	1969-12-31 23:59:59	Name: session_id Value: 2a03b8f3d612dda7d79f4ba02a6be07b
www.bleepingcomputer.com/	1970-01-19 14:45:29	Name: __atuvc Value: 1%7C47
.bleepingcomputer.com/	1970-01-19 14:00:51	Name: __cfduid Value: dda31174669caa8bb4e9ea2d098cb035b1574115073
www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers	1969-12-31 23:59:59	Name: fsbotchecked Value: true

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 19) Message: Video gallery initializing
console-api	warning	URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js(Line 1) Message: Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
aol-match.dotomi.com
api.quantcast.mgr.consensu.org
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
biddr.brealtime.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.pub.network
cdn.ampproject.org
cdn.connatix.com
cdn.connectad.io
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
cm.g.doubleclick.net
confiant-integrations.global.ssl.fastly.net
connatix-d.openx.net
core.connatix.com
cse.google.com
d.pub.network
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
ff.doubleclick.net
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
g2.gumgum.com
googleads.g.doubleclick.net
graph.facebook.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.connatix.com
i.connectad.io
ib.3lift.com
ib.adnxs.com
mantodea.mantisadnetwork.com
match.adsrvr.org
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
quantcast.mgr.consensu.org
rtb.gumgum.com
s7.addthis.com
s9.addthis.com
securepubads.g.doubleclick.net
static.quantcast.mgr.consensu.org
sync.1rx.io
tag.clrstm.com
tlx.3lift.com
tpc.googlesyndication.com
trk.connatix.com
us-u.openx.net
v1.addthisedge.com
vendorlist.consensu.org
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.reddit.com
x.bidswitch.net
z.moatads.com
us-u.openx.net
104.16.68.69
104.17.120.107
104.20.59.209
104.26.12.6
13.224.196.118
13.224.196.53
13.224.199.29
13.225.78.106
13.225.78.17
13.225.78.52
151.101.113.108
151.101.113.194
151.101.13.140
151.101.14.217
152.199.21.89
172.217.16.162
172.217.22.34
178.79.175.86
18.194.62.191
18.196.104.43
185.64.189.112
2.18.233.180
2.18.234.21
2.18.235.40
2.21.36.164
213.19.147.150
216.58.205.230
23.37.55.184
2600:9000:20eb:8200:9:46dc:4700:93a1
2600:9000:20eb:d600:9:46dc:4700:93a1
2600:9000:2156:9000:1:af78:4c0:93a1
2606:4700:10::6814:9274
2606:4700:20::681a:18b
2a00:1450:4001:800::2004
2a00:1450:4001:808::200e
2a00:1450:4001:814::2002
2a00:1450:4001:81b::2008
2a00:1450:4001:81c::2006
2a00:1450:4001:81f::2003
2a00:1450:4001:820::2001
2a00:1450:4001:820::2002
2a00:1450:4001:824::200e
2a00:1450:4001:825::2001
2a00:1450:4001:825::200a
2a02:fa8:8806:13::1400
2a02:fa8:8806:16::1460
2a03:2880:f01c:800e:face:b00c:0:2
3.124.23.215
3.222.69.96
34.95.120.147
35.156.132.43
35.188.71.214
35.210.97.129
35.226.36.58
37.252.173.62
52.213.17.13
52.28.46.116
52.29.126.123
52.3.42.128
52.48.197.20
52.72.165.42
54.229.35.82
54.236.131.34
69.173.144.142
91.228.74.182
046d1a7fbe0893b22065e17e620833b1c371176d0a88181211b93e380c6a217a
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
048e2936a286b6d5636743c8871af009ff3de12c4d446e2d993bfcf9adb2a517
04ac5f8791f13205bd0f3c75f57dcb099e9451406d749a827c224406048269e5
04b06ed003002b4540614055f36c95c605e4948b6f5ae9016aaac8e5305ba2d4
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
067346f115cd7ca6e726295756faf06837bd4d3670956bc8fde5de88254d79c4
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0736e1818db0ca27d61cdadcf1ef320f031c0d7125596488fab8b817febbb4fa
0b89022d9a67a006d9e99bc502ced221b13d2bcd4ef1cfd631706748a325d9e0
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0dc42fa6302294718552a790b0968519473521addbb0712461c7e81f71df5c87
0e8005f95d32ffc636092619cc259b255d3d8f2858e1875af3a9f3c990678127
0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
163dae13316066124eafea5da3f8c242b5e883e474c330d0ca036b750403dc74
18f5af301986e712c821fb949bfb882c4f2bf0d508930ac278480a9a4f4d6345
19293620368e303e572701f2f16c940806c142dd00dcccb877b16dfcd6f59c6c
198ead29759728efc903c16d8b6e6d3f9c1f870af67c71aa0d80a2d43e381680
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19c5d43518e8160c63eaee26cd8718adf32688e8d76964245d0cfaf96161460e
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
1c10db3869382887d65e71d069b828cbc84b64e3fcaada6059f54fdb3e9bb276
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1ca4cdd0c409496f490fb5e6f0be0ff388441bc5b61733fdc90020bede79a019
1f4113e33fc5026c3656072979d3684273bacfcb1fbf585d60f312ba525c7f3c
1fc9243dbc326728b25686a5855bc6a8c304c4eddd5a72f6945b622db111d2a8
227acfc5e607ff74710a354e50b077514be9e0a5d9b8567318d6fbc235817309
2295c9dcdc658ee8ad64893a7162489f7b24c8cc0148cbc0b6b8b2cdc1bc5917
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2363cbdace3d4db7b0ee2f0fcf42a722658814affea6c100f3679f7c21ff9e11
24198faf2fb724ef6a77c3ee72870f82bd10fd715a26014bc90ac5bbf57c1308
24af76725a32febb7ba698e7c6c3f1db7eae95380fc500d1d534272364b5100a
25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232
25c19aa38580967f8f17f6b18451d344e6b4fd36531346a93a9779a3ba81e9a1
26a5457adcda4f08c4d4ae048c6d98eb591d4585cbdc4627198a9c7a8e4042fa
27a2918c9141eb5922a24fa8ffcb72148ad07384e60d89c21836ec06d268d8cd
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2f3f729b9eae258e65d1a011be0c900c5128200d988fcbc13776a1477a4b81ed
31829d1ddfdecf791b307238bdd73f0c81e0edab4bd4f4dda7006ae86bfad56d
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
31df6919989c474c984022534c9e676dc335c89c089b775123baab066d2212a3
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9
332104956cc34d3bba2406165b3b4c48c4627e3aad5303e52febd91f87f977ee
33ce52b347a36c3bb0754a8bd1b82722b6039ce4a7ad7d2460368c642e4ec3ff
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
3521a57e3cf1663be935414e676c0dddb2518c7be5997018f965702580f3490e
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3888ef674e777f2660e782fb11930c2199c3fae1b943c12387f8be82b13f5250
3999856b4054035479e81bce6cc3cbd79a7e3e574b096fb5cf80b9280aa5ac7d
39b003a303e3e9d9677ce4496b82ccfecc80db1faba06ecccf3cf1c1a093665e
3a509d1a27925c55941c12295939a802c93dab63358ab8dc1d7749bd1759162a
3b1d709b84777ecb3220bb2319ecf9e53cbee468ed317e26235e52f2bd6600eb
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3dbc24169271d2447c4f312cc07951ce561a2738d718441aed749afed7eb22f0
498fa60015c62227930abab617bdf00ff2a35b607c632519e4cf280248e310f6
4a65ee9f9bb56d5ae0a40fed4c51bcfa2e33dd244b8221db873712907b155812
4d6068b072c4497e45113ef79e15f788ec5e1f4c974bd31abf7033a607df4350
4d7cb0fc91112364e5214e59702a7f6266f139b701d6e84ce41179ec77384cee
4daccf1290c23d7d9054630986cc4bc59ab42763fa7a8e808a6fcf1e0efd6070
4e20d6ca0ee4dc5b26a84c1d2613172ac4b7829106b30c7aa6b2e5b19ab6b5ba
4e40d7b3765974239018136519e418b3f31965567f0f9370d301814f6b999ea6
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
501c2a247fd3022c91782237c66b026f9e2fe4f7c1814a20aa41be6c726dc7de
50432f56227696ecafc559ba4616be54eed7ef1d29784ab164eaf5bf65a0363b
508f57e009bf7d62aa472b71e48b2ab791af50566809d85232b9ec85f9b2f41b
50da29c96919d6d400ebbc263d3153eeed237645e3196a61066d44c1e768625c
51811cd84fe99129d82bda28acffd8e295d040f9b51cd4b1f556734b89e84fc6
51a9e64bcb65149c6b2f6768ce5268af57591b88ad2d017e5edcf75cb4edb229
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54caf22c652300e262236c2d28278ea87b99ae70e99449c64085d960ecc0901d
56c5bb68b668e5b4d1f7f18d9dbc060c9de85befbbbf5e797f75a136a48210f8
575fe09cbddd983574a860502ed130a0db59a4f4b32f7e96741c80de583ec78a
5821c3694dc943c34d6dbacfae48533393dc0563a979049e7ea4892096a8b6ee
59781ec3af63edc552a91c2956b480bf7d1896fa562c1cd3f6ee960f78f42b21
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5e98e03303f80ee3cb4a550b93ac037f038e647de23208783164ad74d83b8647
5f0cc34ad8335ebc44742220ad572a01f591e691c1e125a3ed155b48797931bc
5fde3cd363a7a0f07e4f3e4a4166633981be2bc7741a842119cf1258512fd9db
5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e
611991a401230a6899ba518b2fd29f5065c84bfe0ca27eecebb76569c84b45ac
61e84f3146432902f50ca620696b8c953609d21b77dd08af709cbd4607d68240
623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031
62ccbd973c8b54064522b36436e7a9316b4aff53d3bab6c53aa13977c4e3924b
662c98b525008613e5bd2e442a88cc0fe618faa387d62a57ac1837143d97dafd
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
697dc0262f4d1db3f6b5fde6bf8b1df2413dc47fb57733fe9265d5b889751065
6a4c7b37cb29a63eab9c2d41c34b29702ffdaeb6e72d523b2e26438e1016d952
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6adc8ebdb9b6e73c368eeca44a27060c57b732dd078c35e2e0a2f5231a370b86
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
6f8c1ecde2c2ebedc4d13c4b4cae8d58cf7989e7de169dd0bab0f9e1e7f1348e
700570ce2869addd09be5f8c0379dfa112064697f7c8392b8ccc092d8e8340a4
717a90a65cae480cf645e7eef3a6026a065bc50dea4b3fd26058650841ca7d52
7299cc596a35d09cef9fef75af0ef015337fbc269a8f74305d8e55333cea33e7
72ad30df69b19263573fe41ad51849efef8b7bcab097769f22fcc8c32d05e69c
73152c9cc11518537a165e978d4d673f91a4adbc9986ba43bfd242e0cda256bd
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
746f63728c66a14121a6d13b74c09980269bad4f6d41cb76ba50e5d8c4ea8caf
75b1cfe3368045582f8c78e8ab564c35d93a7432f65c7084ef8e3ffadde4f939
76f456d9031f039d9111fe78e7834753eae32ab49f1422eb9dcaeb8d13e6e9c2
7824c4a572bd5b5176c5dd74f8d29fc727ec081274967bc2af65371295785a95
7a641dbdb148625830c6f8a82b13f2232cb73cb51900700d423f4768645da0ba
7aee25147e91ea27917ac5cfd8ea30fdcae0e6b1072e51a1d644dafb76ab5c4f
7b8efe13a8da9af9f09f9c282e1962cfb0760e3aeebd6260a3c800447c60ceee
7c160ca7d4f28388142c52b1f0a5c7205666f144d627b28d8d016f4652d6ba4a
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d265db9111a3e7db941671d0e0e27640336609f339e539c4e6ff8a56c266ffd
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7de928834f3282e54d4595019ba390f3646dd68a665ad5093afe2ed8135ebd81
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7f4b90aa7e5e33fca7f3608fae8e1cc56b96267b00af5580a17aa5c6d32c557f
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83992db926fc5075818513ed2c0130e499cfc9ac7bf18114ef0720e66d3a3087
84e5fb61fd466ee3bb665da58d42937a48dbbf69f8e477a8a250d4fd13cb2d8c
85ad1e6a0feb0995c357300fba295819fb7dc1f64f78ad35e2088fa9a834a90b
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b
866c1cf254c11afbcb1689842e0eb3ed4973f7edada9f814d5e6b72cd54b9b56
86c66202fe2f81b9a9b92d2ef268b11c16cf6370325f2820c01f090874c69154
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
87ed2f2b7e6cca24345f5b11714e96b5695527dcbb27b401e938a059ae049b12
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8a7128de2916aab2d1a11cc1543e3a809b0bdfc50c7bd04e07a02a8a139509e0
8a8bb8135a6a7e5127bf710bd016830e9f793ae933119730fd6e7badf8976e08
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db7d892ee82b48f8d4f1d41fa2a59d7576228f43d44d977214f5b645da256ac
9012e2ff7f1c5deb2f6247a58a356162204f5a264b850f8b930c78c84652f6a0
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339
95643ceaad9c5419e1bf39554bdf0d67581f8e14114ea59067f4b04c24957689
98f88d642acd9024773bf77b93f9546e3cd6fd8fa3d539d16f7b018e0cb513f2
9abb9e299ab0f7c2c00c20f0d5858358ffa1e7a9f835bab1798c769ff3b22777
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
a00d8ffa45611c04d84361ae0d37d38da8be0e11dfde738f4142a97f32b752eb
a0166fe46c8c973fc2b03e65ebe5b1cc43cadffa32c64388dbb0c99a0eb26def
a20998071047a414a5903cad15dcf2ac067f44665db72e3fefcf24d2822d0917
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f
a4be1124b0997fc6f05589effb2baf9f7797efe20f80526c01d33c59ef7c5b83
a4eee29595369b4c0c00f0efc90e6ef8d94a13e88588349ea8b29dbe93d6c931
aa7cc9f68114842993604a8f88c733994ae8f57103aacd2de264e12df76989ed
aa8492564de2f3bfc22e59717bcf4d73f41c3b3c0fd6337c6734b3fcc7208928
ab25ec9bad1f3c7bdc426f89f37a3411d44935f276c2ae3afc93e1efcb4a56bd
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460
adac4ed4b03a965b346bca3f18ce01b67afc467ed07749f7fec2aea5590e7bf5
b0c97077e3505a7b4ef72c70ee3b16d449119d5184254bd9cd6d53b2a3feb44f
b11171e7e820ba540053671aa4f3acbb373e9b2d83f4e6320e7a838e3dad9316
b13f6d987079baa82ce2d1466ff5f122221b0bde544130a515f041c0a781acb3
b23ccbec685446623aca983fb301b1a88bc12fa58fc766c2578a300f0847d4a2
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b873af469bcad856da22538e4baeb1b20f5dbe6e437df2aa6f7d642b7f16606d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf9f346dccb029ccbca01292da87ff72130f9154ac588dab8008fd22777addc0
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c0960a652766deba8f95eff8b1a3dea399fc253457ca171753553876cd266dfc
c237e0ee4bb4f57215b8ea2c46b4c70b62bfdc6753cc019971ded30e06c96246
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c479996a573615b065b1930235cd00ebc9612657280168e816fc454595db355d
c505b30e6a98a09df7fc6b020570d4735cbe96224de50e116fe8981489cb9844
c5f8d13b1f2b5de65c2b3ad8afb00544ba005e446b5e2246955239d46cea09f7
c85fc4ca10bf215cfa73b92ab2d3bc0ee0669f90f2c2a555db1a36d981686d81
c9d000c50a0e3d638e258d48ab0de4426db3c1d3a9a7950a921eef279441076b
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
caadd9b00cc0b6de827cd76410f355c629dd3939dea61a32fa2424174fcadd5b
cd134f6115401b7040484afc8eeae3de50734b8b3d7d0a768e163078bbf13400
ce75b775649586f6b614171744f1f4bcb258024303cae81517fcdbff440b6fdf
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cef5f28da488830519e2756cc96925ec83862677456059d973e86f3c329bac97
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d
d14c2b3f1a5645e2d27ab220e61b087fcc40bea6695e27c4195998fdd4e10401
d229886fc63edf6b95865ad6a9e90b589ca7585d2203bc61b69f73f61f746830
d6634d0c1834c9cd17c85b60c9042347f6bf0bbae8c992dac7d140938cc49b74
d69f960425d48e2e99b1c9bd062ecea7aed3e49143587b9e2905ed91fd1e6b77
d94dd9f1c15cb40a01fe3f987c6499414a7ef7e06e505aa1e25b067cfddd3acf
da66961dca41cc5005809c5352bf19861d857f74a39583a8d6321282873158c6
db74f0de45654e720d714bbbe11ea2a154024025a573db51c88e75423e849500
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e07b21f2fa417ebfece0e0ea9f1c6d30019318c60295e07a752d4108b59ba941
e091301839570837429f7cf22c35799e7261b65793a20c1b3eae043c0799be85
e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
e6e1da89b13467a55c1495649b89c3b6fc05b7350393b6b1d6442b2935e127e4
e8af3f6e8493a4786c8e6b7bf16dfe963c666b1feaab5010bae34a182db108db
eb3986a9d06585054dc84ba96f83b685c5a67527f4cdd2cdb4dfc75d49f5759f
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd
f19542bdee56aeb7ca9788ec659231e8bb87af996be6a4cb6d6e72a9a7563f15
f50eabd97fb492f21a51037a9f849342f1ba50d2b921309b629af9497505b060
f623e1d423f85d8c36affb7faf68d0b804e0389e2621de2ea9eb97bb0df21c76
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
fc7dab5af4071a2970776372fe197e52af6613c8726462ed3bd1d2ab41558cb7
fd3bff9df952a69e2b322c6593a05c8215e6cf0da285bc8c773b60520c862165
ff1e65d5292ac70fa0ceaf87d04313c975d6299e212e0274d3d0362b218ccab8
ff6abb540c39ef5eb8b00ca63f35ca42e6530a7661e69a2a69d11f77fda39299

www.bleepingcomputer.com Open in urlscan Pro 104.20.59.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

424 Requests

100 %HTTPS

29 %IPv6

46 Domains

78 Subdomains

60 IPs

8 Countries

3546 kBTransfer

9565 kBSize

16 Cookies

17 Outgoing links

Redirected requests

424 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Screenshot
Live screenshot

Full Image

424
Requests

100 %
HTTPS

29 %
IPv6

46
Domains

78
Subdomains

60
IPs

8
Countries

3546 kB
Transfer

9565 kB
Size

16
Cookies

424 HTTP transactions
11 data transactions