threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Submission: On November 12 via api (November 12th 2019, 4:30:52 pm UTC) from US

Summary HTTP 129 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 42 IPs in 8 countries across 33 domains to perform 129 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is threatpost.com.
TLS certificate: Issued by Thawte EV RSA CA 2018 on June 17th 2019. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
5	2600:9000:21f... 2600:9000:21f3:f400:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE - Google LLC)
11	2600:9000:20e... 2600:9000:20eb:bc00:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 4	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
12	46.166.181.19 46.166.181.19	43350 (NFORCE) (NFORCE)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	91.228.74.138 91.228.74.138	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY - Fastly)
5	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:204... 2600:9000:2043:200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a05:f500:11:... 2a05:f500:11:101::b93f:9001	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY - Fastly)
7	2a00:1450:400... 2a00:1450:4001:814::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
2	13.225.86.250 13.225.86.250	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	2600:1f18:26d... 2600:1f18:26d4:7e01:79ac:b29b:5341:a855	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.1.14.65 52.1.14.65	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
19	185.127.16.55 185.127.16.55	210329 (CLOUDWEBM...) (CLOUDWEBMANAGE-UK-1)
1	91.228.74.147 91.228.74.147	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
1	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	52.58.133.90 52.58.133.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	18.194.176.163 18.194.176.163	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	37.252.172.250 37.252.172.250	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 3	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
1	185.94.180.123 185.94.180.123	35220 (SPOTX-AMS) (SPOTX-AMS)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
2	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2 3	52.51.24.119 52.51.24.119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	5.39.66.15 5.39.66.15	16276 (OVH) (OVH)
1	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	104.109.78.125 104.109.78.125	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 3	35.158.17.58 35.158.17.58	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	35.157.167.170 35.157.167.170	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	172.217.22.34 172.217.22.34	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
129	42

18 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21f3:f400:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.16.130 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s46-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:20eb:bc00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 46.166.181.19 (Amsterdam, Netherlands)

ASN43350 (NFORCE, NL)

live.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.138 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2043:200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9001 (Ireland)

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:814::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.86.250 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-86-250.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:26d4:7e01:79ac:b29b:5341:a855 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)

adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.1.14.65 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-1-14-65.compute-1.amazonaws.com

ipv4.adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.127.16.55 (London, United Kingdom)

ASN210329 (CLOUDWEBMANAGE-UK-1, GB)

video.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.147 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.133.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-58-133-90.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.176.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-176-163.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.250 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.123 (Netherlands)

ASN35220 (SPOTX-AMS, NL)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.51.24.119 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-51-24-119.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.39.66.15 (France)

ASN16276 (OVH, FR)
PTR: s10.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.180 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.109.78.125 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.17.58 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-158-17-58.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.167.170 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-167-170.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.34 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	664 KB
31	sekindo.com live.sekindo.com video.sekindo.com	3 MB
10	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	106 KB
7	ampproject.org cdn.ampproject.org	378 KB
7	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	106 KB
6	advertising.com 3 redirects ads.adaptv.advertising.com pixel.advertising.com	2 KB
5	google.com 1 redirects www.google.com adservice.google.com	971 B
3	yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	1 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	openx.net 1 redirects teachingaids-d.openx.net u.openx.net	445 B
2	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	59 B
2	rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com	361 B
2	googleapis.com fonts.googleapis.com	1 KB
2	adrta.com 1 redirects adrta.com ipv4.adrta.com	821 B
2	amazon-adsystem.com c.amazon-adsystem.com	28 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	6 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	102 KB
2	google.de adservice.google.de www.google.de	280 B
1	id5-sync.com id5-sync.com	370 B
1	spotxchange.com search.spotxchange.com	1 KB
1	adnxs.com ib.adnxs.com	1 KB
1	twitter.com analytics.twitter.com	263 B
1	reddit.com www.reddit.com	854 B
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	542 B
1	t.co t.co	166 B
1	quantcount.com rules.quantcount.com	353 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	23 KB
1	kasperskycontenthub.com kasperskycontenthub.com	367 B
0	adap.tv Failed sync.adap.tv Failed
0	rlcdn.com Failed api.rlcdn.com Failed
129	33

	Domain	Requested by
19	video.sekindo.com	threatpost.com live.sekindo.com
17	threatpost.com	threatpost.com
12	live.sekindo.com	threatpost.com live.sekindo.com
11	media.threatpost.com	threatpost.com
7	cdn.ampproject.org	securepubads.g.doubleclick.net
7	securepubads.g.doubleclick.net	threatpost.com securepubads.g.doubleclick.net
5	tpc.googlesyndication.com	securepubads.g.doubleclick.net threatpost.com cdn.ampproject.org
5	assets.threatpost.com	threatpost.com
4	www.google.com	1 redirects threatpost.com www.gstatic.com
3	pixel.advertising.com	3 redirects
3	match.adsrvr.org	2 redirects live.sekindo.com
3	ads.adaptv.advertising.com	live.sekindo.com
2	cm.g.doubleclick.net	2 redirects
2	ups.analytics.yahoo.com	threatpost.com
2	u.openx.net	1 redirects live.sekindo.com
2	pagead2.googlesyndication.com
2	fonts.googleapis.com	live.sekindo.com
2	c.amazon-adsystem.com	live.sekindo.com c.amazon-adsystem.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
1	pr-bh.ybp.yahoo.com	threatpost.com
1	eus.rubiconproject.com	live.sekindo.com
1	ads.pubmatic.com	live.sekindo.com
1	id5-sync.com	live.sekindo.com
1	hbopenbid.pubmatic.com	live.sekindo.com
1	search.spotxchange.com	live.sekindo.com
1	teachingaids-d.openx.net	live.sekindo.com
1	ib.adnxs.com	live.sekindo.com
1	prebid-server.rubiconproject.com	live.sekindo.com
1	analytics.twitter.com	static.ads-twitter.com
1	fonts.gstatic.com	threatpost.com
1	pixel.quantserve.com	threatpost.com
1	ipv4.adrta.com	threatpost.com
1	adrta.com	1 redirects
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	t.co	threatpost.com
1	rules.quantcount.com	secure.quantserve.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	1 redirects
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.googletagmanager.com	threatpost.com
1	kasperskycontenthub.com	threatpost.com
0	sync.adap.tv Failed	threatpost.com
0	api.rlcdn.com Failed	live.sekindo.com
129	49

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
www.computing.co.uk
status.smarterasp.net
malwaretips.com
krebsonsecurity.com
www.a2hosting.com
attendee.gotowebinar.com
akismet.com
t.co
indd.adobe.com
spotlight.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com Thawte EV RSA CA 2018	`2019-06-17` - `2020-06-17`	a year	crt.sh
assets.threatpost.com Amazon	`2019-04-02` - `2020-05-02`	a year	crt.sh
kasperskycontenthub.com Thawte RSA CA 2018	`2019-06-14` - `2020-06-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
media.threatpost.com Amazon	`2019-04-02` - `2020-05-02`	a year	crt.sh
www.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.sekindo.com Go Daddy Secure Certificate Authority - G2	`2019-05-23` - `2020-06-18`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-09-22` - `2019-12-20`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2018-05-30` - `2020-09-01`	2 years	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
*.adrta.com COMODO RSA Domain Validation Secure Server CA	`2018-09-01` - `2020-08-31`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-10-16` - `2020-01-08`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adaptv.advertising.com DigiCert SHA2 High Assurance Server CA	`2017-09-20` - `2020-09-18`	3 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2019-03-18` - `2021-03-17`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.id5-sync.com Go Daddy Secure Certificate Authority - G2	`2017-04-02` - `2020-04-02`	3 years	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-10-30` - `2020-04-27`	6 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-08-07` - `2020-02-03`	6 months	crt.sh

This page contains 12 frames:

Primary Page: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Frame ID: 0096A74F030FBBD59101428AAD61F5B8
Requests: 58 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&cbuster=1573576234&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined&gdpr=1&gdprConsent=
Frame ID: 2F47E60198847AD76B66B71C8C65F57F
Requests: 32 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=75nbHAdFrusJCwoMVGTXoHoM&theme=standard&size=normal&cb=rk6pwud2frjk
Frame ID: A4F3D19D7DDDD382A63CFE4F05E41B7C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: 1ECAAB3FDA8122713C2C252649BCEA81
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: 9D21A4F30BBBA3079036C17F1DD9B33F
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js
Frame ID: 291E76FA0A04FBC1615B3E518CC11530
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto
Frame ID: CFF8540958487F8C65A34B0C12F7CF71
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto
Frame ID: 01B03F2DB159C5A23EB2F4E0D0B99B98
Requests: 16 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=75nbHAdFrusJCwoMVGTXoHoM&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=wxbio3iea1di
Frame ID: 31E018047BB6BDCF348E22D22C4703F3
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F0B2A9F3633004210C6132508BB31009
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 28C352C5676F0AE191D9D32A027ADCA3
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: EF82E4CA8924C3CC131BC8C7BA91BA06
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

129
Requests

98 %
HTTPS

44 %
IPv6

33
Domains

49
Subdomains

42
IPs

8
Countries

4872 kB
Transfer

7544 kB
Size

5
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://www.computing.co.uk/ctg/news/3083604/smarteraspnet-ransomware-attack
Title: reports

Search URL Search Domain Scan URL

URL: http://status.smarterasp.net/post/your-hosting-accounts-are-under-attack
Title: SmartASP’s website

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=SmarterASP.NET&src=typed_query
Title: show customers angered

Search URL Search Domain Scan URL

URL: https://www.facebook.com/smarterasp/
Title: Monday morning update

Search URL Search Domain Scan URL

URL: https://malwaretips.com/blogs/remove-snatch-ransomware/
Title: Snatch ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/smarterasp/status/1193888221278679042
Title: to the update.

Search URL Search Domain Scan URL

URL: https://krebsonsecurity.com/2019/01/cloud-hosting-provider-dataresolution-net-battling-christmas-eve-ransomware-attack/
Title: December 2018

Search URL Search Domain Scan URL

URL: https://www.a2hosting.com/blog/windows-service-update/
Title: A2 Hosting in April 2019

Search URL Search Domain Scan URL

URL: https://attendee.gotowebinar.com/register/3127445778613605890?source=ART
Title: Threatpost webinar

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23enterprise
Title: #enterprise

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23breach
Title: #breach

Search URL Search Domain Scan URL

URL: https://t.co/klZaTnpzJX
Title: https://t.co/klZaTnpzJX

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/639c3b32-90d4-40a1-9a31-2c49c7a86075
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://spotlight.threatpost.com/
Title: HackerOne Spotlight

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=2036911644&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&ul=en-us&de=UTF-8&dt=Ransomware%20Attack%20Downs%20Hosting%20Service%20SmarterASP.NET%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YAhAAEAB~&jid=1333927507&gjid=2029434237&cid=1207613773.1573576235&tid=UA-35676203-21&_gid=133058146.1573576235&_r=1&gtm=2wgav3PM29HLF&z=1221120940 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_gid=133058146.1573576235&gjid=2029434237&_v=j79&z=1221120940 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_v=j79&z=1221120940 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_v=j79&z=1221120940&slf_rd=1&random=4168047805

Request Chain 73

https://adrta.com/i?clid=pms&paid=pms&publisherId=19668&caid=&plid=&siteId=101281&kv1=400x291&kv2=threatpost.com&kv3=5dcade2ad351e&kv4=144.76.109.30&kv5=chrome&kv11=12499440095dcade2ad458a&kv12=101281&kv15=DE&kv16=&kv17=&kv18=&kv19=&kv24=desktop&kv26=macosx&kv27=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36 HTTP 302
https://ipv4.adrta.com/i?__aas21=2a01:4f8:192:5414::2&clid=pms&paid=pms&publisherId=19668&caid=&plid=&siteId=101281&kv1=400x291&kv2=threatpost.com&kv3=5dcade2ad351e&kv4=144.76.109.30&kv5=chrome&kv11=12499440095dcade2ad458a&kv12=101281&kv15=DE&kv16=&kv17=&kv18=&kv19=&kv24=desktop&kv26=macosx&kv27=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36

Request Chain 123

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

Request Chain 124

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://pixel.advertising.com/ups/55953/sync?uid=e1c3922b-1fe1-4a6b-be86-b387356b413f&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e1c3922b-1fe1-4a6b-be86-b387356b413f HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=e1c3922b-1fe1-4a6b-be86-b387356b413f&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e1c3922b-1fe1-4a6b-be86-b387356b413f&apid=UPc200845a-0569-11ea-a364-024296851050

Request Chain 125

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XcreLQAAAKPxPFdY HTTP 302
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XcreLQAAAKPxPFdY&_test=XcreLQAAAKPxPFdY

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1 HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1&apid=UPc200845a-0569-11ea-a364-024296851050

129 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/ 80 KB
20 KB 348ms
175ms Document
text/html 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

9187f59758f3f48feee57006c79b2f7c6e5787058053015ce388d9670373fda0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Server: nginx
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=150072>; rel=shortlink
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 227 KB
35 KB 346ms
174ms Stylesheet
text/css 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 082f9475d9d702abb1d79353862bd60f700ed63280c8d961d9a6288cbf2f5e9e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: W/"5dc41b17-38dc0"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:34 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 66 KB
15 KB 8ms
7ms Stylesheet
text/css 2600:9000:21f3:f400:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-kaspersky-widgets/css/trending-authors.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=fb7defda

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:21f3:f400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

44ef9b8be9758f4944226128bcbd68f44fca4b8a4d272ad3288427bbd96accb8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 13:51:48 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 9526
x-cache: Hit from cloudfront
status: 200
content-length: 15126
last-modified: Thu, 07 Nov 2019 13:24:39 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-cache-hit: HIT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 2r4zseaeVJU5F-itEMWbBz3481IhTtw8jrrRwR13dNbU0QdZfAd6ng==
expires: Sat, 09 Nov 2019 13:24:52 GMT

GET
H/1.1 200
OK jquery.js Show response
threatpost.com/wp-includes/js/jquery/ 95 KB
37 KB 347ms
174ms Script
application/x-javascript 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Oct 2019 20:47:26 GMT
Server: nginx
ETag: W/"5da4dede-17a69"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:34 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 175 KB
55 KB 9ms
8ms Script
application/x-javascript 2600:9000:21f3:f400:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=fb7defda

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:21f3:f400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

f89d17dc2e4ecb385243b7b4cdaf5d8d9f6d4b9829e2be80afb66d01721835e3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 13:51:48 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 9526
x-cache: Hit from cloudfront
status: 200
content-length: 55884
last-modified: Thu, 07 Nov 2019 13:24:39 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-cache-hit: MISS
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 0uqdtBJG3vA-T2CDVDx87ocAkLeb-ZADl6vPEMXEH-2P0LcluatcRw==
expires: Wed, 13 Nov 2019 13:32:15 GMT

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
367 B 380ms
87ms Script
application/javascript 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1652974726&back=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:34 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 51 KB
15 KB 40ms
39ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

e49343582968070ebae89979eabcdd387021e7ef7fd7ea06334bfb3ce007409b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "334 / 62 of 1000 / last-modified: 1573572240"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15621
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:34 GMT

GET
H2 200 0.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15115541/ 10 KB
11 KB 8ms
8ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15115541/0.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b1b3e1dbec0a6b898bf6b8f17caa692c112ba2d215a1300b1c014c75f9f5ad8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 17 Sep 2019 04:43:18 GMT
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Mon, 20 Aug 2018 15:57:19 GMT
server: AmazonS3
age: 230692
etag: "756a0525b47f4557fdfec408731afd91"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 10662
x-amz-cf-id: k5OQE9XxzHyhZYcOAYh6EE0xDCQLL4r8orpPEOoZFowdqL6C_l7cXg==
expires: Tue, 20 Aug 2019 15:57:18 GMT

GET
H2 200 targeted_malware_ransomware.png
media.threatpost.com/wp-content/uploads/sites/103/2019/11/11093439/ 19 KB
19 KB 9ms
8ms Image
image/png 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/11093439/targeted_malware_ransomware.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5e68bd31bd535b874280bebe18d296cf34f2d7108c5318ad39bbb1daeb71c84f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 Nov 2019 15:22:36 GMT
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Mon, 11 Nov 2019 14:34:40 GMT
server: AmazonS3
age: 89937
etag: "b881ccf35cc7e4e9355c9e7e871715c3"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1, FRA2-C1
accept-ranges: bytes
content-length: 19336
x-amz-cf-id: Q-xERirabXaBTdoU319Yc9HUW2coKYDHruFCRri-81vuPrPQO0of6A==
expires: Tue, 10 Nov 2020 14:34:39 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 9ms
9ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 19 Sep 2019 00:57:41 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 1607626
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: JOPE2c_lDxp6GXAVMl386xPO_I8kYql9PkommlenBV3tWzRyIfxHtA==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 RING_Vulnerability-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/27121302/ 17 KB
18 KB 7ms
7ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/27121302/RING_Vulnerability-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4079b5355bfcacc302bc89e8950c26111341281ccafe1d721b40df61b8c31dbf

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 08 Nov 2019 12:11:44 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Wed, 27 Feb 2019 17:13:05 GMT
server: AmazonS3
age: 58304
etag: "88aa5ba457d1bc94a74f66a2d31f7dd9"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 17740
x-amz-cf-id: 25fd_ECCODzHxNXWe-UYlXFSDxZsWQzE_tacqzaLm6vCTlcLMXLu4g==
expires: Thu, 27 Feb 2020 17:13:02 GMT

GET
H2 200 Cynet-Nov-6-Article_feature_image-540x270.png
media.threatpost.com/wp-content/uploads/sites/103/2019/11/05144232/ 57 KB
57 KB 8ms
8ms Image
image/png 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/05144232/Cynet-Nov-6-Article_feature_image-540x270.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c627ddca0af5a2f88fc700ad89786140e7ac6631c798c25894da3430465f497e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 06 Nov 2019 14:00:44 GMT
via: 1.1 edfd22ec6695cdc9d7ac634220af1315.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Tue, 05 Nov 2019 19:42:35 GMT
server: AmazonS3
age: 52345
etag: "a53a4e7e07084794ce04e20e9412a660"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 57965
x-amz-cf-id: GwuC-cxFbGqtHLNjT9IF0OFRn83LZHLVRMlifITXC9SkVuPm0G9pyQ==
expires: Wed, 04 Nov 2020 19:42:32 GMT

GET
H2 200 cryptor-trump-540x270.png
media.threatpost.com/wp-content/uploads/sites/103/2019/11/05091649/ 62 KB
62 KB 9ms
9ms Image
image/png 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/05091649/cryptor-trump-540x270.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b7b3948c5fec36ba8a92e5dbbbc85221510a4945586110401302577b8bfea3bc

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 Nov 2019 16:00:55 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77b.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Tue, 05 Nov 2019 14:16:53 GMT
server: AmazonS3
age: 154452
etag: "5a6faa1883c273b97e1d1012f0131ed2"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, FRA2-C1
accept-ranges: bytes
content-length: 63125
x-amz-cf-id: lfL-5HbElsTENJGorjW2kk-e985VpACY_3QXQ7ctmPQjktvdYNn_Tg==
expires: Wed, 04 Nov 2020 14:16:49 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 729 B
591 B 16ms
16ms Script
text/javascript 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

3211cd82ce26fec042b2543617d3138a366d470fa74ed56788c3b0956c9f9ffb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 463
x-xss-protection: 1; mode=block
expires: Tue, 12 Nov 2019 16:30:34 GMT

GET
H2 200 mr_robot.-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/11/08133029/ 2 KB
2 KB 19ms
18ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/08133029/mr_robot.-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9b0fc6786f33d7acd24c944cf2732ce95262e309160dc2d4c7d98c310e2f91d6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 08 Nov 2019 18:33:39 GMT
via: 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Fri, 08 Nov 2019 18:31:21 GMT
server: AmazonS3
age: 337823
etag: "b53907bb2df76dd8d86577080d6cf786"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C1
accept-ranges: bytes
content-length: 1922
x-amz-cf-id: PDpmjFIIQEzlUs8kJJRqvp_urERc4Pi7ilJ0tf75R9UmAoifcG7Xuw==
expires: Sat, 07 Nov 2020 18:31:17 GMT

GET
H2 200 industrial_controls-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/05/02101104/ 2 KB
3 KB 7ms
7ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/05/02101104/industrial_controls-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d79ccfe079401866655dbc03d317965b0c775bf27ab2b6ff6cc0fac9bebfa6a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 07 Nov 2019 14:10:03 GMT
via: 1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jul 2018 02:31:55 GMT
server: AmazonS3
age: 439386
etag: "a86e0b6216f28efea9cbb638c2f5a8a4"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 2385
x-amz-cf-id: -hXBYG14Zu2QNrs1VQA1UbsNTixYm75SFyHcb25Ijc4FmzfqBVL9SQ==
expires: Wed, 03 Jul 2019 02:31:51 GMT

GET
H2 200 abstract-network-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/11/06171731/ 2 KB
2 KB 6ms
6ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/06171731/abstract-network-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f1f51dcb0ea9f84489985e39bc76a26893ecc2ca52fe0306f5d2f2ef43a18f5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 06 Nov 2019 22:21:26 GMT
via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Wed, 06 Nov 2019 22:17:35 GMT
server: AmazonS3
age: 493307
etag: "f082c0665eacddad804fbab2103e107e"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1, FRA2-C1
accept-ranges: bytes
content-length: 1950
x-amz-cf-id: NHQY1gmoQMTNQRYD1laaGJvniW0RvKaq40WLjs0ZvU6F6lOcHqrmtA==
expires: Thu, 05 Nov 2020 22:17:31 GMT

GET
H2 200 ransomware_tag_cloud_key-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/01/14115123/ 1 KB
2 KB 6ms
6ms Image
image/jpeg 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/14115123/ransomware_tag_cloud_key-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a25d6b15370e06383386c57fb5278ef22bc15d3151a8059303744f0388e8bbe3

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 16 Oct 2019 20:15:17 GMT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Mon, 14 Jan 2019 16:51:25 GMT
server: AmazonS3
age: 1607626
etag: "25d6fb0ea662faf4a812406387e86c13"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C1
accept-ranges: bytes
content-length: 1272
x-amz-cf-id: URROcsqPxvbQmNF2zCi23wPaZFZf3KCNmyk9YUZ3QTQb9NRWnqoYmw==
expires: Tue, 14 Jan 2020 16:51:23 GMT

GET
H2 200 threat-intelligence-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2019/09/25182707/ 4 KB
4 KB 9ms
9ms Image
image/png 2600:9000:20eb:bc00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/25182707/threat-intelligence-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:bc00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d877b654697728723f01959ffbf74d70842fe9cf331f721be5701b61c217638

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 29 Sep 2019 16:31:47 GMT
via: 1.1 2afacc6ad96dbba3f0b477cd95f16459.cloudfront.net (CloudFront), 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Wed, 25 Sep 2019 22:27:10 GMT
server: AmazonS3
age: 743198
etag: "f55ce318620c1cf746202293c984dac2"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 4070
x-amz-cf-id: XVKA3MK2wtGUEwbqEtPBAWT8oitjaVdxUwQ3hMWZbY9W_z9kJLjXlg==
expires: Thu, 24 Sep 2020 22:27:07 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ 22 KB
7 KB 55ms
17ms Script
text/javascript 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: cdfeb327370fda3705d056562cae41d30e1891f91ebb06698d7450a5d5472773

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 7ms
7ms Script
application/x-javascript 2600:9000:21f3:f400:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=fb7defda

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:21f3:f400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

a9f6c03ce6f4d1654f29f2136651e883198d509cb2e26af1c24b1f87b6ccae13

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 13:51:48 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 9526
x-cache: Hit from cloudfront
status: 200
content-length: 935
last-modified: Thu, 07 Nov 2019 13:24:37 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-cache-hit: HIT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: Y1Nuk1HaaiidlfaOLqW0F_dKwKBq9InFaptCXXtUtv7sHA5tbmkOzQ==
expires: Fri, 08 Nov 2019 13:24:57 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 26 KB
10 KB 260ms
88ms Script
application/x-javascript 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.2.6.5
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a783d2ad42c380bc896219c080fa845d1e9f2e77483558103aeb296b95b85701

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:36 GMT
Server: nginx
ETag: W/"5dc41b14-6923"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:34 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 13 KB
5 KB 7ms
7ms Script
application/x-javascript 2600:9000:21f3:f400:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/gravityforms/js/conditional_logic.min.js,wp-content/plugins/gravityforms/js/placeholders.jquery.min.js,wp-content/plugins/akismet/_inc/form.js&ver=fb7defda

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:21f3:f400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

a69c028a3a2d261332d8fb4e17f82257d484d42fd5410b20d22a3ef6e619f66c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 13:52:26 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 9488
x-cache: Hit from cloudfront
status: 200
content-length: 4727
last-modified: Thu, 07 Nov 2019 13:24:37 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
x-cache-hit: HIT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: o376zfFhffVvH8WWTlz6S9H9tBA7z1vQMQf1lHANby6y5gFkNvR9XQ==
expires: Mon, 11 Nov 2019 13:31:27 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 69 KB
23 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

00ca8d737776f6cddb0c325cfa7a302fd184606e4292165fafd0d0b482c9ec3f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: br
last-modified: Tue, 12 Nov 2019 15:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 23682
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:34 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 11 KB
4 KB 541ms
87ms Other
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Sec-Fetch-Mode: same-origin
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: W/"5dc41b17-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 11 KB
4 KB 600ms
87ms Other
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Sec-Fetch-Mode: same-origin
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: W/"5dc41b17-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 21ms
21ms Script
application/javascript 2a00:1450:4001:81d::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2019110401.js Show response
securepubads.g.doubleclick.net/gpt/ 159 KB
58 KB 39ms
38ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019110401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

89db741bbe693e04001902f6651d3f47bcfd0b216bc35cd1896e33086f7c4ad7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Nov 2019 14:08:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 59437
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:34 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 684ms
173ms Image
image/png 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 241ms
88ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Wed, 11 Nov 2020 16:30:35 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 246ms
88ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Wed, 11 Nov 2020 16:30:35 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 340ms
174ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Wed, 11 Nov 2020 16:30:35 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 258ms
88ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Wed, 11 Nov 2020 16:30:35 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 346ms
174ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Wed, 11 Nov 2020 16:30:35 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/ 254 KB
91 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3b6f51d30b4b20b9e7b3da75b5c14a51ce39ec203b9fa37e043f097272d5540e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 Nov 2019 18:28:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 05:06:47 GMT
server: sffe
age: 79349
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 92852
x-xss-protection: 0
expires: Tue, 10 Nov 2020 18:28:05 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 232ms
88ms Image
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: W/"5dc41b17-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 259ms
87ms Image
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: W/"5dc41b17-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 2F47 3 KB
2 KB 23ms
23ms Script
text/javascript 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&cbuster=1573576234&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined&gdpr=1&gdprConsent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: 3faebfc5b6764b5e74bc64fb6dc043427fc8c1f0e19fe5e662643cf36022ac31

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 260ms
87ms Image
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: W/"5dc41b17-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 260ms
87ms Image
image/png 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1573133080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:39 GMT
Server: nginx
ETag: "5dc41b17-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 7017
date: Tue, 12 Nov 2019 14:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Tue, 12 Nov 2019 16:33:37 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 12 KB
6 KB 33ms
9ms Script
application/x-javascript 91.228.74.138
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.138 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: 404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12-Nov-2019 16:30:34 GMT
Server: QS
ETag: M0-e2b9884a
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5456
Expires: Tue, 19 Nov 2019 16:30:34 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 5ms
5ms Script
application/javascript 151.101.112.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
age: 29852
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4066-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1573576235.873893,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
7 KB 87ms
87ms XHR
text/plain 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3491948018021340&correlator=657972436160637&output=ldjh&impl=fifs&adsid=NT&eid=21064169&vrg=2019110401&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-36&ecs=20191112&iu_parts=21707124336%2C2x2-Skin%2C970x250-ATF%2C300x250-ATF%2C300x600-ATF&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=2x2%2C970x250%7C728x90%2C300x250%2C300x600%7C300x250&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fransomware-attack-downs-hosting-service-smarterasp-net%252F150072%252F%26urlquery%3Dgoogfc%26contentid%3D150072%26category%3Dhacks%26contenttags%3Dcyberattack%252Chack%252Chosting-service%252Conline%252Cransomware%252Cransomware-attack%252Csmarterasp-net%252Cweb-hosting-service&cookie_enabled=1&bc=31&abxe=1&lmt=1573576234&dt=1573576234907&dlt=1573576234407&idt=478&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C308%2C1093%2C1093&adys=4312%2C0%2C407%2C1779&adks=2490549053%2C2675834513%2C974937504%2C960001541&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&dssz=29&icsg=797312&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2%7C970x250%7C300x250%7C300x600&msz=1585x2%7C970x250%7C300x250%7C300x600&ga_vid=1207613773.1573576235&ga_sid=1573576235&ga_hid=2036911644&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

af112e5567baaed580c30f3d2feb52367706bde26122b3ff770064f17977c571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6881
x-xss-protection: 0
google-lineitem-id: -2,5203321858,5203321858,5203321858
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,138291554562,138291905809,138291554427
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019110401.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
25 KB 38ms
38ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

d3cd091705544e4df29bbee72ca66f1233f6fa01447742156675c21ba59e6e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Nov 2019 14:08:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25051
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:34 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019110401.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H/1.1 200
OK liveVideo.php Show response
live.sekindo.com/live/ Frame 2F47 910 KB
293 KB 46ms
45ms Script
text/html 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&cbuster=1573576234&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined&gdpr=1&gdprConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: f45e94da37d96fb4ca31d2399bd78652963ced64908d17ba7498b3735fd868a1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=2036911644&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&ul=en-u...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_gid=133058146.1573576235&gjid=2029434237&_v=j79&z=1221120940
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_v=j79&z=1221120940
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_v=j79&z=1221120940&slf_rd=1&random=4168047805

42 B
109 B

32ms
32ms

Image
image/gif

2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_v=j79&z=1221120940&slf_rd=1&random=4168047805

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1207613773.1573576235&jid=1333927507&_v=j79&z=1221120940&slf_rd=1&random=4168047805
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 8ms
7ms Font
font/woff2 2600:9000:21f3:f400:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:f400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-kaspersky-widgets/css/trending-authors.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=fb7defda
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 00:22:42 GMT
via: 1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
age: 6883671
x-cache: Hit from cloudfront
status: 200
content-length: 77160
pragma: public
last-modified: Fri, 23 Aug 2019 05:16:18 GMT
server: nginx
etag: "5d5f76a2-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: q95Xp3Un2ac7hRXhELebyYANEoYHFLz2O0V11aTiszRP7c80he2pBw==
expires: Mon, 24 Aug 2020 00:22:42 GMT

GET
H/1.1 200
OK photo-newsletter.jpg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 83 KB
83 KB 262ms
89ms Image
image/jpeg 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/photo-newsletter.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Tue, 12 Nov 2019 16:30:35 GMT
Last-Modified: Thu, 07 Nov 2019 13:24:40 GMT
Server: nginx
ETag: "5dc41b18-14c88"
Content-Type: image/jpeg
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 85128
Expires: Tue, 19 Nov 2019 16:30:35 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame A4F3 0
0 30ms
30ms Document
text/html 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=75nbHAdFrusJCwoMVGTXoHoM&theme=standard&size=normal&cb=rk6pwud2frjk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zIrSmzzhATgLz3TtCHpSYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=75nbHAdFrusJCwoMVGTXoHoM&theme=standard&size=normal&cb=rk6pwud2frjk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 12 Nov 2019 16:30:35 GMT
content-security-policy: script-src 'report-sample' 'nonce-zIrSmzzhATgLz3TtCHpSYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 8539
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
353 B 500ms
499ms Script
application/x-javascript 2600:9000:2043:200:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:29:04 GMT
via: 1.1 b7e7cd319ec31b533acb1e9e4b737331.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 122
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 3
x-amz-cf-id: hmzHlziTQGqwnUUT68EYG9tbASifH_JbB2xPDeIJtfMx6-x6BlStLg==

GET
H2 200 adsct
t.co/i/ 43 B
166 B 123ms
123ms Image
image/gif 104.244.42.197
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Tue, 12 Nov 2019 16:30:35 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: cb5b65ce86f9865f10dfcaa2b342b6d1
x-transaction: 0070753f00c21514
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 / Show response
graph.facebook.com/ 100 B
542 B 54ms
42ms XHR
application/json 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

ab78515d052450732b6e2324527e5bbcdddcc2fe923e616cc35219c34aad0543

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

strict-transport-security: max-age=15552000; preload
etag: "2822f12c2e988eeed48bc14c74e83a68d0cbb192"
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
x-fb-rev: 1001417202
alt-svc: h3-23=":443"; ma=3600
content-length: 100
pragma: no-cache
x-fb-debug: 5Leo7HToMxSIvCTZYvMtd87OFRhUgI6k4iTthJke4fgSmcCy+vqRmsPqckqqgipSS8WUQqJsvhNO2deSWX/18g==
x-fb-trace-id: DzZ2tj2i3Ue
date: Tue, 12 Nov 2019 16:30:35 GMT
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: AfA-YbzORjoRhxRtJQtlqgc
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 242ms
242ms Script
text/html 2a05:f500:11:101::b93f:9001
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&format=jsonp&callback=jQuery112400822479729280754_1573576234768&_=1573576234769
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9001 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 102 B
854 B 124ms
124ms XHR
application/json 151.101.113.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 12 Nov 2019 16:30:35 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
content-length: 102
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4074-HHN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1573576235.045694,VS0,VE119
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ 20 KB
8 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

866c1cf254c11afbcb1689842e0eb3ed4973f7edada9f814d5e6b72cd54b9b56

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 4472
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7923
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:16:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "78dc79e454080e42"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:16:03 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame 1ECA 243 KB
77 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 5317
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:01:58 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 1ECA 151 KB
46 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 5317
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:01:58 GMT

GET
DATA 200
OK truncated
/ Frame 1ECA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c8c2467c0d3ec3bb22847610cca3ded120718eff1883a9a28188372946f15e0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame 9D21 243 KB
77 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 5317
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:01:58 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 9D21 151 KB
46 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 5317
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:01:58 GMT

GET
DATA 200
OK truncated
/ Frame 9D21 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d83645fb8469c2be7d8235af536670ad4df75d4c52966d3f3ec6a59e60fb03c9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011910251950120/ Frame 291E 243 KB
77 KB 6ms
4ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 5317
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 78754
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e013cb1224f59e75"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:01:58 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011910251950120/v0/ Frame 291E 151 KB
46 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011910251950120/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019110401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: gzip
x-content-type-options: nosniff
age: 5317
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 47460
x-xss-protection: 0
server: sffe
date: Tue, 12 Nov 2019 15:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8efde0f72d912957"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Nov 2020 15:01:58 GMT

GET
DATA 200
OK truncated
/ Frame 291E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a7566722c955e2293e0cbd9f3a5e79392485e7201ceb1f2fb684cceb652bf85

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 6724660090432861970
tpc.googlesyndication.com/simgad/ Frame 1ECA 28 KB
28 KB 8ms
5ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6724660090432861970

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

658cd890cc8ab4258fa635bd02f049a19cf9906357c3ab5ab135c2a7e23ecb08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 06:26:03 GMT
x-content-type-options: nosniff
age: 1159472
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28179
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 15:06:43 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 06:26:03 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1ECA 0
279 B 18ms
15ms Image
image/gif 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvSnmE9sfh06qdeV6DeogbeiKC4F9wuZgwqAXNq-JMx0E8Kzv9wwL9wIhz2CKwm6LRFLrc3XB8o2HHTM_v00HKMyHAwJckMIk3vkEOxG5UiYm6hZYgDE1VpQTWWveAxOfJ8ppkXd6iuUwO0fgN2Ve7Ah6acvVBMnpiJ_7oEcsGV0OfeR0ewGVdPpX-fvlWrFuSWaIjHgP2ytVODSn6oRvbYaJVNjtOs1J--tGOHt0Qk-uz-l2sz_NxBUi8EbHLjtvOZNBOmMjg&sai=AMfl-YQ2ibLqiLb2dgmo84s2Id-_mZ7W0_OmpOX76JdCOFYM93Kid41M4nZHtOW4kVZnbXfipQfUD0dLrhNlIudogj4svYHWCOJhM1YSmypL&sig=Cg0ArKJSzPQEudWujoPhEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Nov 2019 16:30:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:35 GMT

GET
H2 200 17005452282922285100
tpc.googlesyndication.com/simgad/ Frame 9D21 22 KB
23 KB 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17005452282922285100

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8af9277beea03fa6657fbefb20592a05e592b3ca05d824ea2f4e92e42eb0910e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 11:34:40 GMT
x-content-type-options: nosniff
age: 1140955
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 23027
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 15:07:16 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 11:34:40 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9D21 0
255 B 17ms
16ms Image
image/gif 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqSwqm06c4DXxxHSe3iD-mk_CGI2fQ3RRDOuvvE7A2CSIS20P80_3X4TufOnW1kQuwqvE3ya46Cpzq2mGFXmly886bt36kUZ1R2EaJCxL_bcjYKMYSAj_PJFNbhczW4dRuPg_xvqo8RfMwpiOzVVnBGJLG19NqD9hxsvZWvw7RkH_jUjNhq66O5J5lYHxqPJpZLXr0iAyvwVaIQt0tbQrmsVNLXbh14UwoG0GNs2S0djtVRxp3tMoORAZmlpM3DjYAIf_GRW0&sai=AMfl-YR_3R5hQU-B5RcvmGsZJ85j7wLSdfhBAkobff_CfBdkMZjfoQN4xaPByusJC2Y_zkUUSYhCwCnCtfhZe7NBhRG00hzgd_WruR9E9KEg&sig=Cg0ArKJSzEyrVWYuqPi4EAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Nov 2019 16:30:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:35 GMT

GET
H2 200 14538969332801618795
tpc.googlesyndication.com/simgad/ Frame 291E 28 KB
28 KB 8ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14538969332801618795

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1b58502f35dc1b48ad4f026a8fb9e473d01ddaf6211f6548c10b57cebed78b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 01 Nov 2019 19:38:35 GMT
x-content-type-options: nosniff
age: 939120
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28350
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 15:06:26 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Oct 2020 19:38:35 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 291E 0
253 B 16ms
16ms Image
image/gif 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsur3TnJmlorkuN9iHwiE9SQ3BUGtHJifp25fZt6O4Hukpp_8pLxehmknqY0qKBOsocdBmJn_SuMDgvQMTJdj6yXmBXo63SF1eKy-ms-DmclppIwXz-bHHj7HQHZKAeRQKyZnpKglI_6HNF4T_nsjdKcNhB-tEyQI8NVW4VlvCxzmmPRPKEopOG5v8vAdBngsAG8XLzqGtQeZTKIH8lQJzxrbSYwnKmeg5FEouOixf4Vvcx0Elwql7UuXGxugZYZ1EaEvRR2QD4&sai=AMfl-YQJmqzNJ1pX8OJDrzZ9EAUXNw2ktYxqIndkWqCFXLOoiESfSoZcOoi1nQ1Lx85bNKEj9EJvIwdjWYcEH14s7-emjAeKQCxM_ws68RGC&sig=Cg0ArKJSzBRT_e-O64OBEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Nov 2019 16:30:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:35 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 2F47 86 KB
25 KB 10ms
10ms Script
application/javascript 13.225.86.250
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.86.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-86-250.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 29d14c1ad2f8f1be84efd4d678ff3de9d6c3f94eb3b77894504c4824ff1a8ad4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 Nov 2019 17:36:41 GMT
content-encoding: gzip
server: Server
age: 82433
etag: 183e04cde08f40d768be67590e69190d
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: vIKuxruVNd2P_jMc9jQ5Tk0mPj0lL7HWGOaGeECu8eiW-9zuHqVIHw==
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)

GET
H2

200

i
ipv4.adrta.com/ Frame 2F47
Redirect Chain

https://adrta.com/i?clid=pms&paid=pms&publisherId=19668&caid=&plid=&siteId=101281&kv1=400x291&kv2=threatpost.com&kv3=5dcade2ad351e&kv4=144.76.109.30&kv5=chrome&kv11=12499440095dcade2ad458a&kv12=101...
https://ipv4.adrta.com/i?__aas21=2a01:4f8:192:5414::2&clid=pms&paid=pms&publisherId=19668&caid=&plid=&siteId=101281&kv1=400x291&kv2=threatpost.com&kv3=5dcade2ad351e&kv4=144.76.109.30&kv5=chrome&kv1...

43 B
404 B

262ms
87ms

Image
image/gif

52.1.14.65
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipv4.adrta.com/i?__aas21=2a01:4f8:192:5414::2&clid=pms&paid=pms&publisherId=19668&caid=&plid=&siteId=101281&kv1=400x291&kv2=threatpost.com&kv3=5dcade2ad351e&kv4=144.76.109.30&kv5=chrome&kv11=12499440095dcade2ad458a&kv12=101281&kv15=DE&kv16=&kv17=&kv18=&kv19=&kv24=desktop&kv26=macosx&kv27=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.14.65 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-1-14-65.compute-1.amazonaws.com
Software: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:35 GMT
server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips
content-type: image/gif
status: 200
cache-control: no-cache
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

status: 302
date: Tue, 12 Nov 2019 16:30:35 GMT
server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips
content-length: 0
location: https://ipv4.adrta.com/i?__aas21=2a01:4f8:192:5414::2&clid=pms&paid=pms&publisherId=19668&caid=&plid=&siteId=101281&kv1=400x291&kv2=threatpost.com&kv3=5dcade2ad351e&kv4=144.76.109.30&kv5=chrome&kv11=12499440095dcade2ad458a&kv12=101281&kv15=DE&kv16=&kv17=&kv18=&kv19=&kv24=desktop&kv26=macosx&kv27=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36

GET
H2 200 6724660090432861970
tpc.googlesyndication.com/simgad/ Frame 1ECA 28 KB
28 KB 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6724660090432861970

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

658cd890cc8ab4258fa635bd02f049a19cf9906357c3ab5ab135c2a7e23ecb08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 30 Oct 2019 06:26:03 GMT
x-content-type-options: nosniff
age: 1159472
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28179
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 15:06:43 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Oct 2020 06:26:03 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 2F47 6 KB
3 KB 7ms
7ms XHR
application/javascript 13.225.86.250
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.86.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-86-250.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:16:53 GMT
content-encoding: gzip
vary: Origin
age: 823
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Fri, 01 Nov 2019 13:46:13 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: wvAe9XsaeLRnsp5qmG6HE7rEAmRnivFzxbsHRVQLPF4OrKbajo3FTQ==

GET
H2 200 css
fonts.googleapis.com/ Frame CFF8 2 KB
592 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e5b09ae4f391ccd8e04977e2330f1e533a2a507d95c609a3fd437a7ffc7cddfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Nov 2019 16:30:35 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Tue, 12 Nov 2019 16:30:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:35 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 01B0 2 KB
546 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e5b09ae4f391ccd8e04977e2330f1e533a2a507d95c609a3fd437a7ffc7cddfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Nov 2019 16:30:35 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Tue, 12 Nov 2019 16:30:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Tue, 12 Nov 2019 16:30:35 GMT

GET
H/1.1 200
OK placeHolder.png
live.sekindo.com/content/video/splayer/assets/ 23 KB
24 KB 15ms
14ms Image
image/png 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx /
Resource Hash: 76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:34 GMT
Last-Modified: Sun, 11 Jun 2017 08:03:58 GMT
Server: nginx
ETag: "593cf96e-5dbf"
Content-Type: image/png
Cache-Control: no-cache, private
Accept-Ranges: bytes
Content-Length: 23999
Expires: Tue, 12 Nov 2019 16:30:33 GMT

GET
H/1.1 200
OK vid5dc36ee23cae2664912672.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame 01B0 32 KB
32 KB 143ms
35ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5dc36ee23cae2664912672.jpg?cbuster=1573088995

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

6fe37ba992d7184972f6948f523d8a61669dac89664a09a326f8832c3a6760ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Thu, 07 Nov 2019 01:11:36 GMT
Server: Tengine
ETag: "5dc36f48-7f0a"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 32522
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc36edc62d92189470812.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame 01B0 12 KB
12 KB 125ms
17ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5dc36edc62d92189470812.jpg?cbuster=1573088989

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

c099428ced64976c7d9a58d1315cf1a3bb558100ff0364614fe69f4004b40e96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Thu, 07 Nov 2019 01:10:22 GMT
Server: Tengine
ETag: "5dc36efe-2e0f"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 11791
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc48807b8023234905935.jpg
video.sekindo.com/uploads/cn9/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 01B0 2 KB
3 KB 114ms
17ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn9/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5dc48807b8023234905935.jpg?cbuster=1573160976

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

caa578d1a53ff7551e55709e033d3f884ed348ab1c028f9dbb381ac9024eec51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Thu, 07 Nov 2019 21:18:42 GMT
Server: Tengine
ETag: "5dc48a32-968"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 2408
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc9b1443417d606041899.jpg
video.sekindo.com/uploads/cn10/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 01B0 5 KB
5 KB 112ms
17ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn10/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5dc9b1443417d606041899.jpg?cbuster=1573499213

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

9da7749fabee3e8ce13c1279abdc4b877bed0105abfc773bcf4a8eff9b57ee02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Mon, 11 Nov 2019 19:07:33 GMT
Server: Tengine
ETag: "5dc9b175-13f5"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 5109
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc45d5763cf5251729406.jpg
video.sekindo.com/uploads/cn10/video/users/converted/24485/video1523972806/ Frame 01B0 22 KB
22 KB 119ms
34ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn10/video/users/converted/24485/video1523972806/vid5dc45d5763cf5251729406.jpg?cbuster=1573150040

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

2c45769b8ff65857ab551e596ddb7850c1bc4930402346410e3361e87420427c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Thu, 07 Nov 2019 18:18:46 GMT
Server: Tengine
ETag: "5dc46006-5852"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 22610
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc36ee35b0c9439250280.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame 01B0 32 KB
32 KB 35ms
35ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5dc36ee35b0c9439250280.jpg?cbuster=1573088996

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

6fe37ba992d7184972f6948f523d8a61669dac89664a09a326f8832c3a6760ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Thu, 07 Nov 2019 01:11:47 GMT
Server: Tengine
ETag: "5dc36f53-7f0a"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 32522
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc5fded91328531485056.jpg
video.sekindo.com/uploads/cn10/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 01B0 3 KB
3 KB 18ms
17ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn10/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5dc5fded91328531485056.jpg?cbuster=1573256692

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

f749d5316ac9ef518fc8c91dc8d0f70e50f6b702a7a059a0bb5442fcd0e8997d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Fri, 08 Nov 2019 23:45:37 GMT
Server: Tengine
ETag: "5dc5fe21-a7f"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 2687
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc4d205744f3607757364.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame 01B0 15 KB
15 KB 35ms
35ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5dc4d205744f3607757364.jpg?cbuster=1573179913

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

183fa1d6b9ea807bb7880d87144d18b0578c67d87a3d94a30db55f1368bc5f09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Fri, 08 Nov 2019 02:27:17 GMT
Server: Tengine
ETag: "5dc4d285-3c3b"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 15419
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dc4d213d65d3714684884.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame 01B0 17 KB
18 KB 18ms
18ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5dc4d213d65d3714684884.jpg?cbuster=1573179929

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

e33c7e914624735a96c4312508601d61afe205b169bf0712988d5156659fdd0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Fri, 08 Nov 2019 02:34:30 GMT
Server: Tengine
ETag: "5dc4d436-45c4"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 17860
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5dcac9314ce56254859194.jpg
video.sekindo.com/uploads/cn10/video/users/converted/24485/video1523972806/ Frame 01B0 20 KB
20 KB 17ms
17ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn10/video/users/converted/24485/video1523972806/vid5dcac9314ce56254859194.jpg?cbuster=1573570867

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

e45529ea52a184c0ac408b792427fdfb0cf046fe06b40978f32006e8b67f1c96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Tue, 12 Nov 2019 15:02:28 GMT
Server: Tengine
ETag: "5dcac984-4e84"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 20100
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 31E0 0
0 31ms
31ms Document
text/html 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=75nbHAdFrusJCwoMVGTXoHoM&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=wxbio3iea1di

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WqlFMt/zNHePq9p3DDtq1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=75nbHAdFrusJCwoMVGTXoHoM&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=wxbio3iea1di
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 12 Nov 2019 16:30:35 GMT
content-security-policy: script-src 'report-sample' 'nonce-WqlFMt/zNHePq9p3DDtq1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1114
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK vid5dc36ee23cae2664912672.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame CFF8 32 KB
32 KB 127ms
34ms Image
image/jpeg 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5dc36ee23cae2664912672.jpg?cbuster=1573088995

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),

Reverse DNS

Software

Tengine /

Resource Hash

6fe37ba992d7184972f6948f523d8a61669dac89664a09a326f8832c3a6760ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://amli.sekindo.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:05 GMT
Last-Modified: Thu, 07 Nov 2019 01:11:36 GMT
Server: Tengine
ETag: "5dc36f48-7f0a"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 32522
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame CFF8 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame CFF8 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 2F47 35 KB
2 KB 272ms
247ms XHR
application/json 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5dc36ee23cae2664912672.mp4&vid_content_id=565773&vid_content_desc=Smartphone+Business+Will+Shrink+Next+Year%2C+Says+Huawei+Founder&vid_content_title=Smartphone+Business+Will+Shrink+Next+Year%2C+Says+Huawei+Founder&vid_content_duration=137&x=400&y=225&fpl=1&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&geoLati=51.29930114746094&geoLong=9.491000175476074&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&debugInformation=&gdpr=1&csuuid=5dcade2ad351e&cbuster=1573576235460&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: fbd47470d4703c427e36f84c25ca1e1bd2eb1344827858e960fdc79857bd68c5

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 2045

GET
H/1.1 200
OK pixel;r=1864392751;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F;fpan=1;fpa=P0-970068514-1573576235533;ns=0;ce=1;qjs=1...
pixel.quantserve.com/ 35 B
494 B 30ms
7ms Image
image/gif 91.228.74.147
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.quantserve.com/pixel;r=1864392751;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F;fpan=1;fpa=P0-970068514-1573576235533;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1573576235533;tzo=-60;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2019%2F11%2F11093439%2Ftarge%2Ctype.article%2Ctitle.Ransomware%20Attack%20Downs%20Hosting%20Service%20SmarterASP%252ENET%2Cdescription.SmarterASP%252ENET%20said%20that%20it%20is%20in%20the%20middle%20of%20recovering%20accounts%20downed%20by%20th%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F15
Requested by: Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.147 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:35 GMT
Server: QS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 2F47 35 KB
2 KB 296ms
271ms XHR
application/json 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5dc36ee23cae2664912672.mp4&vid_content_id=565773&vid_content_desc=Smartphone+Business+Will+Shrink+Next+Year%2C+Says+Huawei+Founder&vid_content_title=Smartphone+Business+Will+Shrink+Next+Year%2C+Says+Huawei+Founder&vid_content_duration=137&x=320&y=180&fpl=1&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&geoLati=51.29930114746094&geoLong=9.491000175476074&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&debugInformation=&gdpr=1&csuuid=5dcade2ad351e&cbuster=1573576235582&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: c01ef81a15e72511580eaaf5cf52b9093653ef59d8637316617502dafbfd80d2

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 2039

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 2F47 68 KB
3 KB 369ms
345ms XHR
application/json 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5dc36ee23cae2664912672.mp4&vid_content_id=565773&vid_content_desc=Smartphone+Business+Will+Shrink+Next+Year%2C+Says+Huawei+Founder&vid_content_title=Smartphone+Business+Will+Shrink+Next+Year%2C+Says+Huawei+Founder&vid_content_duration=137&x=320&y=180&fpl=1&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&geoLati=51.29930114746094&geoLong=9.491000175476074&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&debugInformation=&gdpr=1&csuuid=5dcade2ad351e&cbuster=1573576235589&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: 59c49d886c6fb31060d6d9eda217eac51dbb55f3dcb6a97ddeefce49e8d0cb16

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:34 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 2780

GET
H/1.1 200
OK chunklist_640.m3u8 Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 826 B
1 KB 71ms
17ms XHR
application/vnd.apple.mpegurl 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/chunklist_640.m3u8
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: ece21a84486530dcb514a6166677219452fe651a9b86293a7e3a19f511c4b9c6

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:58 GMT
Server: Tengine
ETag: "5dc36fd6-33a"
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 826
X-Proxy-Cache: HIT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame CFF8 11 KB
11 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Roboto
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 31 Oct 2019 18:43:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1028842
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 11016
x-xss-protection: 0
expires: Fri, 30 Oct 2020 18:43:13 GMT

GET
H/1.1 200
OK w_640_000.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 429 KB
429 KB 35ms
34ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_000.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: c06917a9530b19168ac95f9b011927919f2151ce5e4fae3f053a4a91095f3fa6

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:46 GMT
Server: Tengine
ETag: "5dc36fca-6b208"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 438792
X-Proxy-Cache: HIT

GET
BLOB 200
OK 201ad796-eea9-4cb4-babd-617c2331fdac
https://threatpost.com/ Frame 2F47 63 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/201ad796-eea9-4cb4-babd-617c2331fdac
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

Sec-Fetch-Mode: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length: 64352
Content-Type: text/javascript

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
263 B 126ms
126ms Script
application/javascript 104.244.42.195
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Tue, 12 Nov 2019 16:30:35 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1f25245a7bf0e01197e9e5b8aa968d11
x-transaction: 001edf3b0097bbdd
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK w_640_001.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 375 KB
376 KB 19ms
19ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_001.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 6710be55e26b509c49e6bfbb99b5a426e2b05a56edcc3e6e7289716b57ff2d2e

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:46 GMT
Server: Tengine
ETag: "5dc36fca-5ddcc"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 384460
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 01B0 0
379 B 23ms
23ms Image
text/html 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1573576234&s=0&sta=12348808&x=320&y=180&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&gdpr=1&gdprConsent=&isWePassGdpr=0&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5dcade2ad351e&contentFileId=565773&mediaPlayListId=5946&playerVer=3.0.0&isExcludeFromOpt=0&cbuster=1573576235804
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:35 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_002.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 392 KB
393 KB 17ms
17ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_002.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 4b95ecf6b3823fc6f2fc2384d1be838c85b273564864af4f00f36f3469d1fe06

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:47 GMT
Server: Tengine
ETag: "5dc36fcb-6215c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 401756
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_003.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 387 KB
387 KB 20ms
20ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_003.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 6e15afd5c0f7aa2510b022f760417accaea369168030dfa8de03a84d36c3978a

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:47 GMT
Server: Tengine
ETag: "5dc36fcb-60c10"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 396304
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_004.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 426 KB
427 KB 17ms
17ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_004.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 30d74603cbc162a82c5dec4ea625243e215e65aa4491bb13b8eb6896b6eef9ae

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:48 GMT
Server: Tengine
ETag: "5dc36fcc-6a9f4"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 436724
X-Proxy-Cache: HIT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 2F47 141 B
361 B 38ms
24ms XHR
application/json 52.58.133.90
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.133.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-58-133-90.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 63f7321f537a0c0f7ea7c5b7fd6c6219cb353935ffdad1713450306e5d64245a

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:36 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 148
expires: 0

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 2F47 0
215 B 50ms
14ms XHR
application/json 18.194.176.163
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.176.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-176-163.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
Content-Type: application/json

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 2F47 0
215 B 51ms
15ms XHR
application/json 18.194.176.163
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisTwoHB
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.176.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-176-163.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
Content-Type: application/json

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 2F47 0
215 B 49ms
13ms XHR
application/json 18.194.176.163
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisHB
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.176.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-176-163.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
Content-Type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2F47 143 B
1 KB 48ms
31ms XHR
application/json 37.252.172.250
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e33d61c28912cd254cd5eb0a002a8c94c4ca9ba6cc78352d1bd0a96daaf71dc9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:38 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.111:80
AN-X-Request-Uuid: a405e24d-c338-4c87-a8ad-0813feef527b
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 2F47 92 B
275 B 33ms
32ms XHR
application/json 34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=143c50bc-f76c-4e3c-a2f5-9a1bf31a5c9e&nocache=1573576235972&schain=1.0%2C1!primis.tech%2C19668%2C1%2C%2C%2C&auid=540882778&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:35 GMT
via: 1.1 google
server: OXGW/16.167.1
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 204
No Content 171621 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame 2F47 0
1 KB 246ms
204ms XHR
application/json 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/171621
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 12 Nov 2019 16:30:36 GMT
X-SpotX-Timing-Transform: 0.000372
X-SpotX-Timing-SpotMarket: 0.180979
X-SpotX-Timing-Page-Mux: 0.000320
X-SpotX-Timing-Page-Require: 0.000432
X-fe: 083
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000034
X-SpotX-Timing-Page: 0.188056
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003273
Last-Modified: Tue, 12 Nov 2019 16:30:36 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.022656
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
X-SpotX-Timing-Page-Misc: 0.002592
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.158323
X-SpotX-Timing-Page-URI: 0.000053
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 2F47 0
59 B 16ms
16ms XHR
text/plain 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 12 Nov 2019 16:30:36 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H/1.1 200
OK w_640_005.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 450 KB
451 KB 18ms
18ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_005.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 427e0a82a3d7692c991e860406e0ae2aecf1574242f3150ce6546de10625cad6

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:06 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:49 GMT
Server: Tengine
ETag: "5dc36fcd-7096c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:06 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 461164
X-Proxy-Cache: HIT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1ECA 42 B
110 B 14ms
14ms Image
image/gif 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstR1Fdd_CKCKrDd-Clpx83MUulHkQEtTPqxSVPCAQThoFQVbnwg43_qjEwLDvaySnsRFz9Nv_Jpf8ytPr3r5ltjz76Xohv5hK_9aa8cpHg&sig=Cg0ArKJSzNgu3LS36_pJEAE&id=ampim&o=308,0&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=220&tls=1221&g=100&h=100&pt=246&tt=1221&rpt=246&rst=1573576235054&r=v&adk=2675834513&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9D21 42 B
110 B 15ms
15ms Image
image/gif 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuhllhIYADwUC8B5OmINfrrQoqVRusWt2Bn-LduPk3TDuj1dLUZDdlOXf1akSa8uZ9IT8ha1e4OtlQvq2Vj-0ue3dJDFhIJ93QMuMkmbnw&sig=Cg0ArKJSzL5gaTwMlATbEAE&id=ampim&o=1093,407&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=148&tls=1149&g=100&h=100&pt=335&tt=1149&rpt=335&rst=1573576235071&r=v&adk=974937504&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Nov 2019 16:30:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 2F47 109 B
536 B 96ms
36ms XHR
application/json 52.51.24.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=j6w8ta9&fmt=json
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.24.119 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-51-24-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 01c3f7addd3ac16b5c50684914adefd37a7c870c9ed87d8e898eb71d4f420818

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Nov 2019 16:30:37 GMT
x-aspnet-version: 4.0.30319
status: 200
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 12 Dec 2019 16:30:37 GMT

GET
H/1.1 200 212.json Show response
id5-sync.com/g/v1/ Frame 2F47 131 B
370 B 57ms
14ms XHR
text/json 5.39.66.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://id5-sync.com/g/v1/212.json?1puid=&gdpr=0&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 5.39.66.15 , France, ASN16276 (OVH, FR),
Reverse DNS: s10.id5-sync.com
Software: /
Resource Hash: 40a98e63509418503f35acfb6eb52a788f44f51f6ed15265ab854372e35d7e00

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Tue, 12 Nov 2019 16:30:37 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Content-Type: text/json;charset=utf-8

GET envelope
api.rlcdn.com/api/identity/ Frame 2F47 0
0

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame F0B2 0
0 19ms
6ms Document
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Accept-Ranges: bytes
Content-Encoding: gzip
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=138725
Expires: Thu, 14 Nov 2019 07:02:42 GMT
Date: Tue, 12 Nov 2019 16:30:37 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 28C3 0
0 18ms
6ms Document
text/html 104.109.78.125
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.78.125 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 06 Nov 2019 23:32:57 GMT
Content-Encoding: gzip
Content-Length: 7503
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=63866
Expires: Wed, 13 Nov 2019 10:15:03 GMT
Date: Tue, 12 Nov 2019 16:30:37 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

pd
u.openx.net/w/1.0/ Frame EF82
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

0
0

18ms
17ms

Document
text/html

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.1 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
accept-encoding: gzip, deflate, br
cookie: i=9d1b09f4-dd49-4a2e-b55e-579a578369f8|1573576237
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Response headers

status: 200
vary: Accept
set-cookie: i=9d1b09f4-dd49-4a2e-b55e-579a578369f8|1573576237; Version=1; Expires=Wed, 11-Nov-2020 16:30:37 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1573576237|mOgikimWiygu; Version=1; Expires=Wed, 27-Nov-2019 16:30:37 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 12 Nov 2019 16:30:37 GMT
content-type: text/html
content-length: 592
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=9d1b09f4-dd49-4a2e-b55e-579a578369f8|1573576237; Version=1; Expires=Wed, 11-Nov-2020 16:30:37 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.167.1
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1
date: Tue, 12 Nov 2019 16:30:37 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55953/ Frame 2F47
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://pixel.advertising.com/ups/55953/sync?uid=e1c3922b-1fe1-4a6b-be86-b387356b413f&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e1c3922b-1fe1-4a6b-be86-b387356b413f
https://ups.analytics.yahoo.com/ups/55953/sync?uid=e1c3922b-1fe1-4a6b-be86-b387356b413f&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e1c3922b-1fe1-4a6b-be86-b387356b413f&apid=UPc200845a-0569-11ea...

0
526 B

21ms
8ms

Image
text/plain

35.157.167.170
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=e1c3922b-1fe1-4a6b-be86-b387356b413f&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e1c3922b-1fe1-4a6b-be86-b387356b413f&apid=UPc200845a-0569-11ea-a364-024296851050

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.167.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-157-167-170.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Tue, 12 Nov 2019 16:30:37 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Tue, 12 Nov 2019 16:30:37 GMT
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=e1c3922b-1fe1-4a6b-be86-b387356b413f&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e1c3922b-1fe1-4a6b-be86-b387356b413f&apid=UPc200845a-0569-11ea-a364-024296851050
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET

sync
sync.adap.tv/ Frame 2F47
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XcreLQAAAKPxPFdY
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XcreLQAAAKPxPFdY&_test=XcreLQAAAKPxPFdY

0
0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/57304/ Frame 2F47
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_sc=&google_tc=
https://pixel.advertising.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1
https://pixel.advertising.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1&apid=UPc200845a-0569-11ea-a364-024296851050

0
515 B

22ms
7ms

Image
text/plain

35.157.167.170
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1&apid=UPc200845a-0569-11ea-a364-024296851050

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.167.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-35-157-167-170.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Tue, 12 Nov 2019 16:30:37 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Tue, 12 Nov 2019 16:30:37 GMT
location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEN44X5Aa40QS2h1lKfPhz_M&google_cver=1&apid=UPc200845a-0569-11ea-a364-024296851050
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 %7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 2F47 43 B
163 B 40ms
40ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D

Requested by

Host: threatpost.com
URL: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 12 Nov 2019 16:30:37 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 01B0 0
379 B 44ms
17ms Image
text/html 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1573576234&s=101281&sta=0&x=400&y=291&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&gdpr=1&gdprConsent=&isWePassGdpr=0&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5dcade2ad351e&contentFileId=0&mediaPlayListId=0&cbuster=1573576237611
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:37 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 01B0 0
379 B 21ms
21ms Image
text/html 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1573576234&s=101281&sta=0&x=400&y=291&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&gdpr=1&gdprConsent=&isWePassGdpr=0&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5dcade2ad351e&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1573576240602
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:40 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_006.ts Show response
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/ Frame 2F47 434 KB
435 KB 68ms
34ms XHR
video/mp2t 185.127.16.55
CLOUDWEBMANAGE-UK-1

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5dc36ee23cae2664912672.mp4/w_640_006.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323031392D31312D31325F31387D7B7331323334383830387D7B4335377D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C363631357DFEFE&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&csuuid=5dcade2ad351e&debugInfo=12348808_&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fthreatpost.com%2Fransomware-attack-downs-hosting-service-smarterasp-net%2F150072%2F&contentNum=1&flow_closeBtn=1&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.29930114746094&geoLong=9.491000175476074&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.127.16.55 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software: Tengine /
Resource Hash: e5c8ffc570f2b0d171f007973cbbdd22cdb9dbdbdd5d8fbc1e8152527f3e858f

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 12 Nov 2019 16:30:12 GMT
Last-Modified: Thu, 07 Nov 2019 01:13:49 GMT
Server: Tengine
ETag: "5dc36fcd-6c8cc"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 19 Nov 2019 16:30:12 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 444620
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 01B0 0
379 B 17ms
16ms Image
text/html 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1573576234&s=101281&sta=0&x=400&y=291&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&gdpr=1&gdprConsent=&isWePassGdpr=0&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5dcade2ad351e&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1573576245391
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:45 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 01B0 0
379 B 21ms
20ms Image
text/html 46.166.181.19
NFORCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1573576234&s=101281&sta=0&x=400&y=291&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&gdpr=1&gdprConsent=&isWePassGdpr=0&userIpAddr=144.76.109.30&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5dcade2ad351e&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1573576245602
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.166.181.19 Amsterdam, Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software: nginx / PHP/7.1.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Nov 2019 16:30:45 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.1.33
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=34

Domain: sync.adap.tv
URL: https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XcreLQAAAKPxPFdY&_test=XcreLQAAAKPxPFdY

Verdicts & Comments Add Verdict or Comment

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.threatpost.com/	1970-01-19 14:30:45	Name: __qca Value: P0-970068514-1573576235533
.threatpost.com/	1970-01-19 05:06:16	Name: _gat_UA-35676203-21 Value: 1
.threatpost.com/	1970-01-19 22:37:28	Name: __gads Value: ID=4d90a6f99d517252:T=1573576234:S=ALNI_Ma5sWCy2uHupa2ikdumOzFOSofciA
.threatpost.com/	1970-01-19 05:07:42	Name: _gid Value: GA1.2.133058146.1573576235
.threatpost.com/	1970-01-19 22:37:28	Name: _ga Value: GA1.2.1207613773.1573576235

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/
console-api	info	URL: https://cdn.ampproject.org/rtv/011910251950120/amp4ads-v0.js(Line 508) Message: Powered by AMP ⚡ HTML – Version 1910251950120 https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adrta.com
ads.adaptv.advertising.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
analytics.twitter.com
api.rlcdn.com
assets.threatpost.com
c.amazon-adsystem.com
cdn.ampproject.org
cm.g.doubleclick.net
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
hbopenbid.pubmatic.com
ib.adnxs.com
id5-sync.com
ipv4.adrta.com
kasperskycontenthub.com
live.sekindo.com
match.adsrvr.org
media.threatpost.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
rules.quantcount.com
search.spotxchange.com
secure.quantserve.com
securepubads.g.doubleclick.net
static.ads-twitter.com
stats.g.doubleclick.net
sync.adap.tv
t.co
teachingaids-d.openx.net
threatpost.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
video.sekindo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.reddit.com
api.rlcdn.com
sync.adap.tv
104.109.78.125
104.244.42.195
104.244.42.197
13.225.86.250
151.101.112.157
151.101.113.140
172.217.16.130
172.217.22.34
18.194.176.163
185.127.16.55
185.64.189.112
185.94.180.123
2.18.233.180
2600:1f18:26d4:7e01:79ac:b29b:5341:a855
2600:9000:2043:200:6:44e3:f8c0:93a1
2600:9000:20eb:bc00:0:5c46:4f40:93a1
2600:9000:21f3:f400:2:9275:3d40:93a1
2a00:1288:110:c305::8000
2a00:1450:4001:806::2008
2a00:1450:4001:808::2002
2a00:1450:4001:814::2001
2a00:1450:4001:817::2002
2a00:1450:4001:818::2003
2a00:1450:4001:81b::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:820::2001
2a00:1450:4001:820::200a
2a00:1450:4001:821::2003
2a00:1450:4001:825::2003
2a00:1450:4001:825::2004
2a00:1450:400c:c00::9c
2a03:2880:f01c:800e:face:b00c:0:2
2a05:f500:11:101::b93f:9001
34.95.120.147
35.157.167.170
35.158.17.58
35.173.160.135
37.252.172.250
46.166.181.19
5.39.66.15
52.1.14.65
52.51.24.119
52.58.133.90
91.228.74.138
91.228.74.147
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14
00ca8d737776f6cddb0c325cfa7a302fd184606e4292165fafd0d0b482c9ec3f
01c3f7addd3ac16b5c50684914adefd37a7c870c9ed87d8e898eb71d4f420818
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
082f9475d9d702abb1d79353862bd60f700ed63280c8d961d9a6288cbf2f5e9e
183fa1d6b9ea807bb7880d87144d18b0578c67d87a3d94a30db55f1368bc5f09
1b58502f35dc1b48ad4f026a8fb9e473d01ddaf6211f6548c10b57cebed78b32
1d877b654697728723f01959ffbf74d70842fe9cf331f721be5701b61c217638
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
25226e6e3ba0503974bdf2075bc6e44ff223c59520aae1f1722759050d988232
29d14c1ad2f8f1be84efd4d678ff3de9d6c3f94eb3b77894504c4824ff1a8ad4
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c45769b8ff65857ab551e596ddb7850c1bc4930402346410e3361e87420427c
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
30d74603cbc162a82c5dec4ea625243e215e65aa4491bb13b8eb6896b6eef9ae
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3211cd82ce26fec042b2543617d3138a366d470fa74ed56788c3b0956c9f9ffb
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3a7566722c955e2293e0cbd9f3a5e79392485e7201ceb1f2fb684cceb652bf85
3b6f51d30b4b20b9e7b3da75b5c14a51ce39ec203b9fa37e043f097272d5540e
3faebfc5b6764b5e74bc64fb6dc043427fc8c1f0e19fe5e662643cf36022ac31
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
4079b5355bfcacc302bc89e8950c26111341281ccafe1d721b40df61b8c31dbf
40a98e63509418503f35acfb6eb52a788f44f51f6ed15265ab854372e35d7e00
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
427e0a82a3d7692c991e860406e0ae2aecf1574242f3150ce6546de10625cad6
44ef9b8be9758f4944226128bcbd68f44fca4b8a4d272ad3288427bbd96accb8
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b95ecf6b3823fc6f2fc2384d1be838c85b273564864af4f00f36f3469d1fe06
59c49d886c6fb31060d6d9eda217eac51dbb55f3dcb6a97ddeefce49e8d0cb16
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5b1b3e1dbec0a6b898bf6b8f17caa692c112ba2d215a1300b1c014c75f9f5ad8
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d79ccfe079401866655dbc03d317965b0c775bf27ab2b6ff6cc0fac9bebfa6a
5e68bd31bd535b874280bebe18d296cf34f2d7108c5318ad39bbb1daeb71c84f
63f7321f537a0c0f7ea7c5b7fd6c6219cb353935ffdad1713450306e5d64245a
658cd890cc8ab4258fa635bd02f049a19cf9906357c3ab5ab135c2a7e23ecb08
6710be55e26b509c49e6bfbb99b5a426e2b05a56edcc3e6e7289716b57ff2d2e
6c8c2467c0d3ec3bb22847610cca3ded120718eff1883a9a28188372946f15e0
6e15afd5c0f7aa2510b022f760417accaea369168030dfa8de03a84d36c3978a
6fe37ba992d7184972f6948f523d8a61669dac89664a09a326f8832c3a6760ec
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
866c1cf254c11afbcb1689842e0eb3ed4973f7edada9f814d5e6b72cd54b9b56
89db741bbe693e04001902f6651d3f47bcfd0b216bc35cd1896e33086f7c4ad7
8af9277beea03fa6657fbefb20592a05e592b3ca05d824ea2f4e92e42eb0910e
8f1f51dcb0ea9f84489985e39bc76a26893ecc2ca52fe0306f5d2f2ef43a18f5
9187f59758f3f48feee57006c79b2f7c6e5787058053015ce388d9670373fda0
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb
9b0fc6786f33d7acd24c944cf2732ce95262e309160dc2d4c7d98c310e2f91d6
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9da7749fabee3e8ce13c1279abdc4b877bed0105abfc773bcf4a8eff9b57ee02
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a25d6b15370e06383386c57fb5278ef22bc15d3151a8059303744f0388e8bbe3
a69c028a3a2d261332d8fb4e17f82257d484d42fd5410b20d22a3ef6e619f66c
a783d2ad42c380bc896219c080fa845d1e9f2e77483558103aeb296b95b85701
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
a9f6c03ce6f4d1654f29f2136651e883198d509cb2e26af1c24b1f87b6ccae13
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
ab78515d052450732b6e2324527e5bbcdddcc2fe923e616cc35219c34aad0543
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
af112e5567baaed580c30f3d2feb52367706bde26122b3ff770064f17977c571
b7b3948c5fec36ba8a92e5dbbbc85221510a4945586110401302577b8bfea3bc
c01ef81a15e72511580eaaf5cf52b9093653ef59d8637316617502dafbfd80d2
c06917a9530b19168ac95f9b011927919f2151ce5e4fae3f053a4a91095f3fa6
c099428ced64976c7d9a58d1315cf1a3bb558100ff0364614fe69f4004b40e96
c627ddca0af5a2f88fc700ad89786140e7ac6631c798c25894da3430465f497e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa578d1a53ff7551e55709e033d3f884ed348ab1c028f9dbb381ac9024eec51
cdfeb327370fda3705d056562cae41d30e1891f91ebb06698d7450a5d5472773
d3cd091705544e4df29bbee72ca66f1233f6fa01447742156675c21ba59e6e15
d83645fb8469c2be7d8235af536670ad4df75d4c52966d3f3ec6a59e60fb03c9
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e21da87120c823e7856f1e2af9d73746e19590b71407869dccb2d203115d451c
e33c7e914624735a96c4312508601d61afe205b169bf0712988d5156659fdd0f
e33d61c28912cd254cd5eb0a002a8c94c4ca9ba6cc78352d1bd0a96daaf71dc9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e45529ea52a184c0ac408b792427fdfb0cf046fe06b40978f32006e8b67f1c96
e49343582968070ebae89979eabcdd387021e7ef7fd7ea06334bfb3ce007409b
e5b09ae4f391ccd8e04977e2330f1e533a2a507d95c609a3fd437a7ffc7cddfa
e5c8ffc570f2b0d171f007973cbbdd22cdb9dbdbdd5d8fbc1e8152527f3e858f
ece21a84486530dcb514a6166677219452fe651a9b86293a7e3a19f511c4b9c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f45e94da37d96fb4ca31d2399bd78652963ced64908d17ba7498b3735fd868a1
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
f749d5316ac9ef518fc8c91dc8d0f70e50f6b702a7a059a0bb5442fcd0e8997d
f89d17dc2e4ecb385243b7b4cdaf5d8d9f6d4b9829e2be80afb66d01721835e3
fbd47470d4703c427e36f84c25ca1e1bd2eb1344827858e960fdc79857bd68c5

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

129 Requests

98 %HTTPS

44 %IPv6

33 Domains

49 Subdomains

42 IPs

8 Countries

4872 kBTransfer

7544 kBSize

5 Cookies

22 Outgoing links

Redirected requests

129 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

129
Requests

98 %
HTTPS

44 %
IPv6

33
Domains

49
Subdomains

42
IPs

8
Countries

4872 kB
Transfer

7544 kB
Size

5
Cookies

129 HTTP transactions
5 data transactions