www.reuters.com Open in urlscan Pro
13.226.155.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-crimi...
Effective URL:
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-crimi...
Submission: On August 12 via api (August 12th 2020, 10:26:45 pm UTC) from US

Summary HTTP 173 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 56 IPs in 8 countries across 39 domains to perform 173 HTTP transactions. The main IP is 13.226.155.90, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.reuters.com.
TLS certificate: Issued by Amazon on March 4th 2020. Valid for: a year.

This is the only time www.reuters.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	13.226.155.90 13.226.155.90	16509 (AMAZON-02) (AMAZON-02)
11	13.226.155.30 13.226.155.30	16509 (AMAZON-02) (AMAZON-02)
1	209.197.3.24 209.197.3.24	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2600:9000:218... 2600:9000:2182:400:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:2182:f400:1e:ef1b:aa40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE)
4	13.226.155.12 13.226.155.12	16509 (AMAZON-02) (AMAZON-02)
1	13.226.155.40 13.226.155.40	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
7	104.111.252.228 104.111.252.228	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2406:da00:ff0... 2406:da00:ff00::36eb:b8ea	14618 (AMAZON-AES) (AMAZON-AES)
1	13.226.155.74 13.226.155.74	16509 (AMAZON-02) (AMAZON-02)
1	13.226.145.149 13.226.145.149	16509 (AMAZON-02) (AMAZON-02)
11	104.18.22.230 104.18.22.230	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:1b:... 2a04:4e42:1b::714	54113 (FASTLY) (FASTLY)
3	2606:4700:20:... 2606:4700:20::681a:274	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:b6b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:218... 2600:9000:2182:5a00:10:27b4:f500:93a1	16509 (AMAZON-02) (AMAZON-02)
3	54.208.250.186 54.208.250.186	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:4e6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	104.111.238.139 104.111.238.139	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.201.93.216 35.201.93.216	15169 (GOOGLE) (GOOGLE)
5	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:624... 2600:1f18:624f:b000:1a0c:44be:c431:52fe	14618 (AMAZON-AES) (AMAZON-AES)
1	66.81.204.228 66.81.204.228	40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC)
2	23.62.140.165 23.62.140.165	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:218... 2600:9000:2182:6a00:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
1	54.156.236.131 54.156.236.131	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
6	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2	52.11.156.223 52.11.156.223	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE)
6	34.254.6.162 34.254.6.162	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:819::2001	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:825::2001	15169 (GOOGLE) (GOOGLE)
1	13.226.155.82 13.226.155.82	16509 (AMAZON-02) (AMAZON-02)
1	34.202.105.4 34.202.105.4	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:218... 2600:9000:2182:6200:5:9a4c:9b00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
1 6	151.101.114.137 151.101.114.137	54113 (FASTLY) (FASTLY)
4	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	172.217.23.134 172.217.23.134	15169 (GOOGLE) (GOOGLE)
1	13.226.155.59 13.226.155.59	16509 (AMAZON-02) (AMAZON-02)
2	3.11.4.3 3.11.4.3	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:218... 2600:9000:2182:4a00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	18.217.68.199 18.217.68.199	16509 (AMAZON-02) (AMAZON-02)
4	104.244.38.20 104.244.38.20	7415 (ADSAFE-1) (ADSAFE-1)
1	13.226.155.120 13.226.155.120	16509 (AMAZON-02) (AMAZON-02)
2	13.226.155.96 13.226.155.96	16509 (AMAZON-02) (AMAZON-02)
1	76.223.7.58 76.223.7.58	16509 (AMAZON-02) (AMAZON-02)
173	56

5 13.226.155.90 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-90.dus51.r.cloudfront.net

www.reuters.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.226.155.30 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-30.dus51.r.cloudfront.net

static.reuters.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.24 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: vip0x018.map2.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:400:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:f400:1e:ef1b:aa40:93a1 (United States)

ASN16509 (AMAZON-02, US)

queso-cdn.prod.reuters.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.226.155.12 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-12.dus51.r.cloudfront.net

s3.reutersmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.40 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-40.dus51.r.cloudfront.net

s4.reutersmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.111.252.228 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-252-228.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:da00:ff00::36eb:b8ea (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

usasync01.admantx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.74 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-74.dus51.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.145.149 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-145-149.dus51.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.18.22.230 (United States)

ASN13335 (CLOUDFLARENET, US)

www.dianomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::714 (Ascension Island)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:274 (United States)

ASN13335 (CLOUDFLARENET, US)

tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beacon.tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:b6b1 (United States)

ASN13335 (CLOUDFLARENET, US)

experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:5a00:10:27b4:f500:93a1 (United States)

ASN16509 (AMAZON-02, US)

iabmap.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.208.250.186 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-250-186.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4e6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.238.139 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-139.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.93.216 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 216.93.201.35.bc.googleusercontent.com

gwiqcdn.globalwebindex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.235.93 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:624f:b000:1a0c:44be:c431:52fe (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

sope.prod.reuters.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.81.204.228 (Virgin Islands (British))

ASN40034 (CONFLUENCE-NETWORK-INC, VG)

s.mnet-ad.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.62.140.165 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-140-165.deploy.static.akamaitechnologies.com

cdneu-xch.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:6a00:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.236.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-236-131.compute-1.amazonaws.com

evidon.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.11.156.223 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-11-156-223.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.254.6.162 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b3a96def045d7447c733979e267b018a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:825::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-82.dus51.r.cloudfront.net

get.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.202.105.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-105-4.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:6200:5:9a4c:9b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

beacon.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.114.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.235.40 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
reutersdfpcw319687550988.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f134.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.59 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-59.dus51.r.cloudfront.net

dfp-gateway.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.11.4.3 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-11-4-3.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:4a00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.217.68.199 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-217-68-199.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.244.38.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: sjedt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.120 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-120.dus51.r.cloudfront.net

onetag-geo.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.155.96 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-96.dus51.r.cloudfront.net

onetag-geo-grouping.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.7.58 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ab51a9e8185f181d0.awsglobalaccelerator.com

metrics-collector.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	googlesyndication.com b3a96def045d7447c733979e267b018a.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	83 KB
16	reuters.com www.reuters.com static.reuters.com	794 KB
13	adsafeprotected.com cdn.adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	100 KB
11	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com vid.connatix.com img.connatix.com	233 KB
11	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net googleads.g.doubleclick.net	112 KB
11	dianomi.com www.dianomi.com	16 KB
10	ampproject.org cdn.ampproject.org	216 KB
8	evidon.com c.evidon.com iabmap.evidon.com	42 KB
7	s-onetag.com get.s-onetag.com beacon.s-onetag.com dfp-gateway.s-onetag.com onetag-geo.s-onetag.com onetag-geo-grouping.s-onetag.com metrics-collector.s-onetag.com	23 KB
7	media.net contextual.media.net cdneu-xch.media.net	208 KB
6	google-analytics.com www.google-analytics.com	78 KB
5	reutersmedia.net s3.reutersmedia.net s4.reutersmedia.net	87 KB
4	google.com 3 redirects adservice.google.com www.google.com	1 KB
3	moatpixel.com reutersdfpcw319687550988.s.moatpixel.com	759 B
3	moatads.com z.moatads.com geo.moatads.com	104 KB
3	googletagservices.com www.googletagservices.com	73 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	betrad.com l.betrad.com	360 B
3	tinypass.com experience.tinypass.com cdn.tinypass.com	124 KB
3	tru.am tru.am beacon.tru.am	13 KB
3	chartbeat.com static.chartbeat.com mab.chartbeat.com	32 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	facebook.com www.facebook.com	252 B
2	segment.io api.segment.io	282 B
2	google.de adservice.google.de www.google.de	935 B
2	consensu.org vendorlist.consensu.org evidon.mgr.consensu.org	19 KB
2	facebook.net connect.facebook.net	166 KB
2	reuters.tv queso-cdn.prod.reuters.tv sope.prod.reuters.tv	26 KB
1	chartbeat.net ping.chartbeat.net	168 B
1	mnet-ad.net s.mnet-ad.net	355 B
1	globalwebindex.net gwiqcdn.globalwebindex.net	6 KB
1	cloudflare.com cdnjs.cloudflare.com	2 KB
1	segment.com cdn.segment.com	96 KB
1	admantx.com usasync01.admantx.com	663 B
1	ytimg.com s.ytimg.com	33 KB
1	youtube.com www.youtube.com	1 KB
1	googletagmanager.com www.googletagmanager.com	91 KB
1	jquery.com code.jquery.com	30 KB
173	39

	Domain	Requested by
16	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.reuters.com cdn.ampproject.org tpc.googlesyndication.com
11	www.dianomi.com	static.reuters.com www.dianomi.com www.reuters.com
11	static.reuters.com	www.reuters.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
7	c.evidon.com	static.reuters.com c.evidon.com
6	pixel.adsafeprotected.com	cdn.adsafeprotected.com www.reuters.com
6	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.reuters.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.reuters.com
5	capi.connatix.com	cds.connatix.com
5	contextual.media.net	static.reuters.com contextual.media.net www.reuters.com
5	www.reuters.com	static.reuters.com www.googletagmanager.com c.evidon.com
4	dt.adsafeprotected.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
4	s3.reutersmedia.net	www.reuters.com
3	reutersdfpcw319687550988.s.moatpixel.com
3	cds.connatix.com	www.reuters.com cds.connatix.com
3	www.google.com	3 redirects
3	www.googletagservices.com	contextual.media.net securepubads.g.doubleclick.net
3	sb.scorecardresearch.com	1 redirects www.reuters.com
3	l.betrad.com	www.reuters.com
2	onetag-geo-grouping.s-onetag.com	beacon.s-onetag.com
2	static.adsafeprotected.com	pixel.adsafeprotected.com www.reuters.com
2	geo.moatads.com	z.moatads.com
2	googleads.g.doubleclick.net	www.reuters.com
2	ad.doubleclick.net	1 redirects www.reuters.com
2	fonts.gstatic.com	securepubads.g.doubleclick.net
2	fonts.googleapis.com	securepubads.g.doubleclick.net
2	www.facebook.com	www.reuters.com connect.facebook.net
2	api.segment.io	cdn.segment.com
2	cdneu-xch.media.net	www.reuters.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	experience.tinypass.com	www.reuters.com cdn.tinypass.com
2	tru.am	www.googletagmanager.com tru.am
2	static.chartbeat.com	www.reuters.com
1	metrics-collector.s-onetag.com	beacon.s-onetag.com
1	onetag-geo.s-onetag.com	beacon.s-onetag.com
1	img.connatix.com
1	vid.connatix.com	cds.connatix.com
1	dfp-gateway.s-onetag.com	get.s-onetag.com
1	z.moatads.com	securepubads.g.doubleclick.net
1	cd.connatix.com	1 redirects
1	beacon.s-onetag.com	get.s-onetag.com
1	ping.chartbeat.net
1	get.s-onetag.com	www.googletagmanager.com
1	b3a96def045d7447c733979e267b018a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.google.de	www.reuters.com
1	stats.g.doubleclick.net	1 redirects
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	evidon.mgr.consensu.org	c.evidon.com
1	vendorlist.consensu.org	c.evidon.com
1	s.mnet-ad.net	www.reuters.com
1	sope.prod.reuters.tv	static.reuters.com
1	beacon.tru.am	tru.am
1	gwiqcdn.globalwebindex.net	www.reuters.com
1	cdnjs.cloudflare.com	www.dianomi.com
1	iabmap.evidon.com	c.evidon.com
1	cdn.tinypass.com	experience.tinypass.com
1	mab.chartbeat.com	static.chartbeat.com
1	cdn.segment.com	www.reuters.com
1	cdn.adsafeprotected.com	static.reuters.com
1	usasync01.admantx.com	static.reuters.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	www.reuters.com
1	s4.reutersmedia.net	www.reuters.com
1	www.googletagmanager.com	www.reuters.com
1	queso-cdn.prod.reuters.tv	www.reuters.com
1	code.jquery.com	www.reuters.com
173	68

This site contains links to these domains. Also see Links.

Domain
www.refinitiv.com
www.thomsonreuters.com
www.reutersagency.com
risk.thomsonreuters.com
blogs.thomsonreuters.com
innovation.thomsonreuters.com
reuters.zendesk.com
www.twitter.com
www.facebook.com
thomsonreuters.com
newslink.reuters.com
sales.reuters.com
info.evidon.com
twitter.com
www.youtube.com
instagram.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.reuters.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
static.reuters.com Amazon	`2019-11-25` - `2020-12-25`	a year	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2020-06-01` - `2021-06-02`	a year	crt.sh
*.prod.reuters.tv Amazon	`2019-12-31` - `2021-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.evidon.com DigiCert Secure Site ECC CA-1	`2020-04-29` - `2021-07-29`	a year	crt.sh
*.admantx.com SSL.com RSA SSL subCA	`2019-03-29` - `2021-06-25`	2 years	crt.sh
*.adsafeprotected.com COMODO RSA Domain Validation Secure Server CA	`2018-08-20` - `2020-09-17`	2 years	crt.sh
*.segment.com DigiCert SHA2 Secure Server CA	`2020-06-12` - `2021-07-27`	a year	crt.sh
dianomi.com Cloudflare Inc ECC CA-3	`2020-07-02` - `2021-07-02`	a year	crt.sh
f6.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-06-13` - `2021-04-24`	10 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-20` - `2021-07-20`	a year	crt.sh
ssl802628.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-05-20` - `2020-11-26`	6 months	crt.sh
l.betrad.com Go Daddy Secure Certificate Authority - G2	`2019-04-25` - `2021-06-24`	2 years	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.globalwebindex.net RapidSSL RSA CA 2018	`2017-12-13` - `2020-12-19`	3 years	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
*.mnet-ad.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-06` - `2021-04-14`	a year	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
evidon.mgr.consensu.org Amazon	`2020-07-25` - `2021-08-25`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-03-14` - `2021-04-14`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.s-onetag.com Amazon	`2020-03-03` - `2021-04-03`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2019-12-16` - `2020-12-30`	a year	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2019-09-05` - `2020-10-19`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.moatads.com DigiCert SHA2 Secure Server CA	`2019-03-12` - `2021-06-10`	2 years	crt.sh
static.adsafeprotected.com Amazon	`2019-11-01` - `2020-12-01`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Frame ID: C1112406CB44E1918C50F62AFDAC9ECA
Requests: 123 HTTP requests in this frame

Frame: https://www.dianomi.com/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Frame ID: A138735DC404BF185334183DAA540FFE
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/recirculation.epl?id=98&cf=545.4.Reuters%20Feed
Frame ID: 5D08F0DB24EC6754CAC0175E371FB6EC
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
Frame ID: A859489BCCDB0537E0D00983C8AD7244
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=922&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: D9ECDBACC3420CBDAF6DD4F8A08C3FA2
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js
Frame ID: D25FB77C940B2A7AD1C5E80EB0B20D7D
Requests: 21 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js
Frame ID: 0BBAECE99A4FEC011983225BC83E5A3D
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRr7ovXTS-B76FL3W40jfK6jnVErLRPm1J-vNie9RJBrXFJaioRq3JKGUNHZUpSA91E_BKbiwTLPpE7lG6otpqI3Hzrllo1Cf3e78SHPBAKwiCa-UEG-8cAQQG6qEkX-mSVAVDB8GQ9JpWtV7A3XHhaweja8DyXQ8eyjAtpGvWntlF4OFqJ-FikSex8RGXKHN2OoSq3T4wNdg3wJ1BSsN_xSd1_dESandeCtePPGAous1so6CeS3TWlvg1SQSKKvIp8En4v8JEuPxOSYkJ7J4puHyBuzdpal6HmOC3nbA&sai=AMfl-YT76Nc5GUiR6-fxtBU7g5R0EK2ZBRE3nUyn6o5269sp8fPvS4jR1JmLYQlMOxMJHzn3LJHMCzS9z3LFHEcx1oLd-8xZr0uSP2i0yiOmHxPq0CIQHGcdtTaA5DlQWJs&sig=Cg0ArKJSzP3OxkPTEj9EEAE&urlfix=1&adurl=
Frame ID: E0B6D77185706B1E1676585EA915DA0C
Requests: 9 HTTP requests in this frame

Frame: https://cds.connatix.com/p/44385/connatix.player.dc.js
Frame ID: BB8CC81DE2D9E5780CAFE72C8886B1C8
Requests: 7 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=9599162&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Frame ID: 7D2553AF1B91E856FD07EE175AFA05BE
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: C4F9BBEF1D49D9DA144992F26F17BD6F
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: A0D94CCF632CB70736038AE4D7DDFFEC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

173
Requests

100 %
HTTPS

46 %
IPv6

39
Domains

68
Subdomains

56
IPs

8
Countries

3056 kB
Transfer

8842 kB
Size

7
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.refinitiv.com/en
Title: Financial

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/products-services/government-solutions.html
Title: Government Solutions

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/products-services/legal.html
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.reutersagency.com/?utm_source=website&utm_medium=reutersdotcom&utm_campaign=site-referral&utm_content=united_states&utm_term=0
Title: Reuters News Agency

Search URL Search Domain Scan URL

URL: https://risk.thomsonreuters.com/en.html
Title: Risk Management Solutions

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/products-services/tax-accounting.html
Title: Tax & Accounting

Search URL Search Domain Scan URL

URL: https://blogs.thomsonreuters.com/answerson/
Title: Blog: Answers On

Search URL Search Domain Scan URL

URL: https://innovation.thomsonreuters.com/en.html
Title: Innovation @ Thomson Reuters

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/global-gateway.html
Title: Directory of sites

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://reuters.zendesk.com/hc/en-us/articles/216467423-Contact-Reuters
Title: Contact

Search URL Search Domain Scan URL

URL: https://reuters.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.twitter.com/share?url=https%3A%2F%2Freut.rs%2F3jXvpRY&text=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Freut.rs%2F3jXvpRY&t=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals

Search URL Search Domain Scan URL

URL: http://thomsonreuters.com/en/about-us/trust-principles.html
Title: The Thomson Reuters Trust Principles.

Search URL Search Domain Scan URL

URL: https://newslink.reuters.com/join/subscribe
Title: Newsletters

Search URL Search Domain Scan URL

URL: https://sales.reuters.com/en/
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: https://info.evidon.com/pub_info/285
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/privacy-statement.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://twitter.com/reuters

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Reuters

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ReutersVideo

Search URL Search Domain Scan URL

URL: https://instagram.com/reuters/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/10256858/

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/policies/copyright.html
Title: © 2020 Reuters. All Rights Reserved.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://sb.scorecardresearch.com/b?c1=2&c2=6035630&ns__t=1597271185102&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597271185102&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1

Request Chain 82

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&gjid=1506523059&_gid=1061043345.1597271184&_u=aGDAiEAjR~&z=1479245872 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&_v=j83&z=1479245872 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&_v=j83&z=1479245872&slf_rd=1&random=538444620

Request Chain 127

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/44385/connatix.player.dc.js

Request Chain 131

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23768030.267046128;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23768030.267046128;dc_pre=CJbDv-3alusCFU6Tewod0rUIEQ;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 141

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 146

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

173 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W Show response
www.reuters.com/article/us-cyber-cwt-ransom/ 228 KB
58 KB 76ms
28ms Document
text/html 13.226.155.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.90 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-90.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 940b734900faede377193b445d34e0d48701e2756f7fdd76b3f4cfacc50d4709

Request headers

:method: GET
:authority: www.reuters.com
:scheme: https
:path: /article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html;charset=UTF-8
access-control-allow-headers: Access-Control-Allow-Origin,charset
access-control-allow-origin: http://admin.reuters.com
channel-name: RCOMUS_Cyberrisk
content-encoding: gzip
date: Wed, 12 Aug 2020 22:26:21 GMT
expires: Wed, 12 Aug 2020 22:11:45 GMT
last-updateda: Fri, 31 Jul 2020 15:03:18 GMT
server: nginx
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: _vl5RhjGb0aDDHySIfFb_trVvqAtmBF1be64jUUaCPuorFU7uMb2gw==
age: 873

GET
H2 200 article.bundle.css
static.reuters.com/resources_v2/react/cookie-reset-b74/ 149 KB
16 KB 74ms
24ms Stylesheet
text/css 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/article.bundle.css
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 6e198633e8651d2d219b18b644b77c8fac327d010d3d792be5d741f5bed10ff7

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:11:33 GMT
content-encoding: gzip
age: 4502
x-cache: Hit from cloudfront
status: 200
content-length: 16066
last-modified: Thu, 06 Aug 2020 21:01:29 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: NeRuOv48QJP87XDy791IUCxW851FQgWLtsfXSNDaF6W4tEVJayM5ZA==
expires: Wed, 12 Aug 2020 23:11:21 GMT

GET
H2 200 common.bundle.css
static.reuters.com/resources_v2/react/cookie-reset-b74/ 480 KB
279 KB 73ms
24ms Stylesheet
text/css 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.css
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 631b052c0fac425fdea5a7a644d5e3554283675424c4c95003960e8fa96f6060

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:08:51 GMT
content-encoding: gzip
last-modified: Thu, 06 Aug 2020 21:01:34 GMT
server: nginx
age: 1052
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: Sp3xDgpbRigX7gZZ2sAQjbWo99KOqafNwwSM9GElDO30ukHbMEja_Q==
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
expires: Thu, 13 Aug 2020 00:08:51 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 350ms
16ms Script
application/javascript 209.197.3.24
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.197.3.24 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: vip0x018.map2.ssl.hwcdn.net
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Origin: https://www.reuters.com

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
status: 200
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1597271184.dop118.am5.t,1597271184.cds238.am5.hn,1597271184.cds260.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 19 KB
8 KB 31ms
9ms Script
application/x-javascript 2600:9000:2182:400:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:400:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c1acfa727754dab58bedc79995a642e235c6fde6449824c4fba4318fc060c91c

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:02:33 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 01:44:12 GMT
server: nginx
age: 5030
etag: W/"5d53676c-4a99"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: fUNrWssRJS-uWxbLrczrWLP90Hj_RvGO2LeoHfJWLXYHJ5t-IEP22w==
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
expires: Wed, 12 Aug 2020 23:02:33 GMT

GET
H2 200 embedder.bundle.js Show response
queso-cdn.prod.reuters.tv/new/assets/ 50 KB
13 KB 36ms
11ms Script
application/javascript 2600:9000:2182:f400:1e:ef1b:aa40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://queso-cdn.prod.reuters.tv/new/assets/embedder.bundle.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:f400:1e:ef1b:aa40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b530d2f33467c65e254999ed904332bc40a5aa25c750229790295f6742938b6f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:20 GMT
content-encoding: gzip
x-origin: i-0a9bb8cea211e1dd9.queso.prod.us.reuters.tv
age: 3
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Tue, 10 Dec 2019 21:26:03 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5df00d6b-c6f0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
access-control-allow-headers: connection, range, accept-encoding, user-agent, referer, content-type
x-amz-cf-id: PScjmPzhexQKW1gsz96nmeKpxbT_WC-K35nAEVn74xQbQrK7S_hPFw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 314 KB
91 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

05570487bb3f6249f82ffaaf817889dc909225f80ae76d6f0e6c864465b8304f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:23 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 93256
x-xss-protection: 0
expires: Wed, 12 Aug 2020 22:26:23 GMT

GET
H2 200 3aae9fd5da3557fba61d6444cb943643.png
static.reuters.com/resources_v2/react/cookie-reset-b74/ 1 KB
2 KB 65ms
25ms Image
image/png 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/3aae9fd5da3557fba61d6444cb943643.png
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 6346ee09058d555984eb04aac881775c926b5d9d4f73ca91493f7cb708ed90df

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:09:23 GMT
content-encoding: gzip
age: 4647
x-cache: Hit from cloudfront
status: 200
content-length: 1539
last-modified: Thu, 06 Aug 2020 21:01:24 GMT
server: nginx
vary: Accept-Encoding
content-type: image/png
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: -62JdvcB7z-jHABc3VCbHTEpLRFdxGqAi4rFWn5HL9aEe_Eip2oktQ==
expires: Thu, 13 Aug 2020 21:08:56 GMT

GET
H2 200 /
s3.reutersmedia.net/resources/r/ 687 B
1 KB 72ms
24ms Image
image/jpeg 13.226.155.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877045&r=LYNXNPEG6U1D5&w=20
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-12.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: b5771462426214dd38f38352be4e5018e2d479df771d17d87723969efab65a49

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: PXHk6IkLtD2pt0PIqdPJZ3WIZqK3k.av
via: 1.1 e7b88cadf742e342f39f17392af35c4f.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:03:45 GMT
server: nginx
age: 51949
etag: "99ad09d534e9cd2cfa262e77d01586b5"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
date: Wed, 12 Aug 2020 08:00:34 GMT
x-amz-cf-pop: DUS51-C1
content-length: 687
x-amz-cf-id: j1kqT4ER2OY8_nN7EtemSscbHZyAfaMWEuUgX-Z-dK_dbbwLVxU0DQ==

GET
H2 200 /
s4.reutersmedia.net/resources/r/ 42 KB
42 KB 82ms
33ms Image
image/jpeg 13.226.155.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s4.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877047&r=LYNXNPEG6U1D9
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.40 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-40.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 09c52e5ea3fdb1ac6d74bf9c68a5411ae21355fb33afd30b8b37c434c3338e2a

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 19:05:20 GMT
via: 1.1 92eff4f17f8a434975f912a39f575296.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:03:45 GMT
server: nginx
age: 12063
etag: "d2c4ae5113a50834133f423b9565d7aa"
x-cache: Hit from cloudfront
x-amz-version-id: C0cntzZ8DoRgeITqsscUR_ZjzuW8xrP8
status: 200
x-amz-cf-pop: DUS51-C1
content-type: image/jpeg
content-length: 43013
x-amz-cf-id: Y_u4QWoefoJozHFaubFJIhU1lOj0nYgRilPtMDaNzp_sRK2ZIBNj9g==

GET
H2 200 common.bundle.js Show response
static.reuters.com/resources_v2/react/cookie-reset-b74/ 756 KB
182 KB 71ms
35ms Script
application/javascript 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 7a093c39bdbf0571cc22c594df90ec9f5b114be57bd9f565a192fa07545562f2

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:08:38 GMT
content-encoding: gzip
last-modified: Thu, 06 Aug 2020 21:01:35 GMT
server: nginx
age: 4689
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: 0n2WiXhotiZzpf6Xka-bjBzoJCl28FNZPgaVl7Y4XJT_uGSqLdJQVg==
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
expires: Wed, 12 Aug 2020 23:08:14 GMT

GET
H2 200 article.bundle.js Show response
static.reuters.com/resources_v2/react/cookie-reset-b74/ 367 KB
53 KB 60ms
24ms Script
application/javascript 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/article.bundle.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 3234a9f00027b349b802fae240f760a270d6f4e7f39ecee827e77c3e282f7846

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:08:35 GMT
content-encoding: gzip
age: 1068
x-cache: Hit from cloudfront
status: 200
content-length: 53817
last-modified: Thu, 06 Aug 2020 21:01:30 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: M4fL_sDmd0IROZk_iekKorITE9uLbuPjFag5B7x5ls3y1whqQGPQHQ==
expires: Thu, 13 Aug 2020 00:08:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 4243
date: Wed, 12 Aug 2020 21:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Wed, 12 Aug 2020 23:15:40 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 74 KB
29 KB 18ms
15ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TBBXQQ&t=gtm2&cid=1223394218.1597271184

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5275e53dca9e7f8cb2741c3e11050df06b6d9167b088dbd8e0ce59052aa97556

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:23 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29782
x-xss-protection: 0
last-modified: Wed, 12 Aug 2020 21:52:18 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Aug 2020 22:26:23 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 44ms
23ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

a0d3ad2bd0bb836d67e587c3b497fc7275294125707b05bc38624cf787086dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:23 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status: 200
cache-control: no-cache
content-type: application/javascript
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflm7q--B/ 90 KB
33 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflm7q--B/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a09f19ac3a6fb7a6db7aa92dc9a888e9f6f169b18171d6d958693399af19c99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 18:51:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12922
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33291
x-xss-protection: 0
last-modified: Wed, 12 Aug 2020 02:10:58 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Thu, 20 Aug 2020 18:51:01 GMT

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f01d25f7a76e0682a7a43230c32bef653eaf28b8a6f7a683ebb88bf8c6aa4f50

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7d62426c6b87d35cef5c2c873355aa44edffcf4a7f927f1c51b10694ea4f6ed

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 71 KB
71 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee0768f9d2def8b13df284410776f5d755109e77b5c0ca17d8895f65b343a0cd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
H2 200 evidon-sitenotice-tag.js Show response
c.evidon.com/sitenotice/ 56 KB
15 KB 69ms
24ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 731ebb6e8eb86eb45b6e7269a9374d1ac90533bfca3a81774dfe51f84fee2f92

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 14733
last-modified: Wed, 05 Aug 2020 19:47:31 GMT
server: AkamaiNetStorage
etag: "9ed00dc4b4ef73cfa3427a0b9764a8d0:1596656851.752407"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 13 Aug 2020 22:26:24 GMT

GET
H2 200 country.js Show response
c.evidon.com/geo/ 294 B
477 B 80ms
35ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/country.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 39699ef2ff7f4cfc54b00ba69dbc53473370396c94a44cb770e2e6fb09310168

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
last-modified: Sat, 14 Mar 2020 23:38:16 GMT
server: AkamaiNetStorage
status: 200
etag: "5dbb6cae5cbc58bc9b615e88f73e0b65:1584229096.969986"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 200

GET
H2 200 snthemes.js Show response
c.evidon.com/sitenotice/1237/ 48 KB
4 KB 80ms
36ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/1237/snthemes.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 78d7768fb1213eced669894455aac7c1bfb17452b25ef69859ab7617cb85856f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 3701
last-modified: Fri, 26 Jun 2020 14:04:50 GMT
server: AkamaiNetStorage
etag: "250e5fd831f93b742b230a49f56ee029:1593180290.533778"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 13 Aug 2020 22:26:24 GMT

GET
H2 200 settings.js Show response
c.evidon.com/sitenotice/1237/reuters/ 19 KB
3 KB 81ms
36ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/1237/reuters/settings.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7962dce1427363ac8964c27e8a221d2b6f320fa55f7e32df3508b288d99ff915

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 2681
last-modified: Wed, 01 Jul 2020 02:14:34 GMT
server: AkamaiNetStorage
etag: "ab26685e301ed5649625ade2ef42d4cf:1593569674.617377"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 13 Aug 2020 22:26:24 GMT

GET
H/1.1 200
OK service Show response
usasync01.admantx.com/admantx/ 467 B
663 B 396ms
94ms XHR
text/plain 2406:da00:ff00::36eb:b8ea
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usasync01.admantx.com/admantx/service?request=%7B%22key%22%3A%22234330834c41105ad5ed794fa036e085b40225c44f9228bb9e2692f427917605%22%2C%20%22decorator%22%3A%22template.reuters_ss%22%2C%20%22filter%22%3A%5B%22default%22%5D%2C%20%22method%22%3A%22descriptor%22%2C%20%22mode%22%3A%22async%22%2C%20%22type%22%3A%22URL%22%2C%20%22body%22%3A%22https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W%22%7D
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2406:da00:ff00::36eb:b8ea Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: bb56e9cb6a9934d4d3c871e6aa711d2168e0c74c02cc3388539fe50e57091dca

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 12 Aug 2020 22:26:24 GMT
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 467
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 94ms
22ms Script
application/javascript 13.226.155.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.74 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-74.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 12 Aug 2020 01:13:50 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 08 Jul 2020 20:34:30 GMT
Server: AmazonS3
Age: 76362
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-C1
X-Amz-Cf-Id: pxGLnrQKkNreI65PtX72h20QFrpj8l3Xx83HKSAQrn4IgCUnd_IwCA==

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/ 456 KB
96 KB 108ms
32ms Script
text/javascript 13.226.145.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.145.149 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-145-149.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d2fe32d253b1c23c584887a2d05bba8d56ad3b233081d190be436c70209ead2

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: YOeClGqZQucGhTexskvvImiIs1YTWvjr
content-encoding: gzip
etag: "b571ddcfce959fdfb468fd0182ffb999"
age: 272
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-length: 98102
access-control-allow-origin: *
last-modified: Fri, 31 Jul 2020 18:21:37 GMT
server: AmazonS3
date: Wed, 12 Aug 2020 22:21:53 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
via: 1.1 987c00b911316df568db602f83876a8e.cloudfront.net (CloudFront)
cache-control: public, max-age=300
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: 0KuId2SIDKpfxQB5xnOEV9xOxweWBdmXbTS9NIoWSZBwQiytwKDzBQ==

GET
H2 200 contextfeed.js Show response
www.dianomi.com/js/ 13 KB
4 KB 74ms
33ms Script
application/javascript 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/js/contextfeed.js?

Requested by

Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/article.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dfb7c925e9a341c587ecc6af346f2cf875c63da4609858353eed31324e7ac48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4051
cf-polished: origSize=16301
status: 200
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Jun 2020 10:37:13 GMT
server: cloudflare
etag: W/"3fad-5a7e0a8fd0bd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 13 Aug 2020 02:26:24 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 0486612bef0000bf4604988200000001
cf-ray: 5c1d9e264a88bf46-AMS
cf-bgj: minify

GET
H2 200 breakingNews Show response
www.reuters.com/assets/ 1 B
401 B 127ms
126ms Fetch
application/json 13.226.155.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/assets/breakingNews?view=json
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.90 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-90.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
browser-expires: Wed, 12 Aug 2020 22:26:24 GMT
server: nginx
x-amz-cf-pop: DUS51-C1
status: 200
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: http://admin.reuters.com
access-control-allow-headers: Access-Control-Allow-Origin,charset
content-length: 1
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
x-amz-cf-id: QmLn0eb9fXuPuSY3k_UylNp0V4QxMy6vHTIPpaeCHSimuQ2USPcevA==
expires: Wed, 12 Aug 2020 22:31:24 GMT

GET
H2 200 /
s3.reutersmedia.net/resources/r/ 43 KB
43 KB 29ms
28ms Image
image/jpeg 13.226.155.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877045&r=LYNXNPEG6U1D5&w=1280
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-12.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 0541539bf2c978c0ddec342e71cdeeb6c741a149356dcf13a01ae4217d28e46b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: oObRweTrk8_OxeCSFKAdYD7GOFpoZAsA
via: 1.1 e7b88cadf742e342f39f17392af35c4f.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:03:52 GMT
server: nginx
age: 43424
etag: "9820f131d19eb65a082f3c146a2cb7b4"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
date: Wed, 12 Aug 2020 10:22:40 GMT
x-amz-cf-pop: DUS51-C1
content-length: 43556
x-amz-cf-id: 7sBTiuyvbDgOdRoZrZK4HJFknUbNHlobreS4njb-dCPVA3ZwfbOWdQ==

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 195 B
482 B 26ms
6ms XHR
application/json 2a04:4e42:1b::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=reuters.com&domain=reuters.com&path=%2Farticle%2Fus-cyber-cwt-ransom-idUSKCN24W25W
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::714 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cfd0da29a6d34ea44fb0035a3a1b409a4a66c091fb0f143ea2f73a643c3f8cef

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
age: 1419
x-cache: HIT
status: 200
x-cache-hits: 1
content-length: 161
x-served-by: cache-hhn4070-HHN
access-control-allow-origin: *
x-timer: S1597271184.409356,VS0,VE0
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Mon, 10 Aug 2020 22:02:45 GMT

GET
H2 200 reuters.js Show response
tru.am/scripts/custom/ 1 KB
1 KB 41ms
25ms Script
application/javascript 2606:4700:20::681a:274
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/custom/reuters.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f23d93c9b8e3ca26f6fcc6be6a8d087e43a3f5795daa3c61017071642f66f3c

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 2231535
x-guploader-uploadid: AAANsUlK-rhqWIaSronpM69LDK3tSKdIlWTr545LHnYUXX1YBJwnHqKhyvJA1BK1p6ChhuoYauFsuyxDZP87axzJFw
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0486612c1900009ab05c263200000001
last-modified: Fri, 19 Apr 2019 06:14:57 GMT
server: cloudflare
etag: W/"40b7d4de06dae04ec0d6537ef2f54db8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=e3JHUg==, md5=QLfU3gba4E7A1lN+8vVNuA==
x-goog-generation: 1555654497328861
content-type: application/javascript
cache-control: public, max-age=2678400
x-goog-stored-content-length: 1056
cf-ray: 5c1d9e268fa29ab0-FRA
expires: Sat, 18 Jul 2020 03:34:09 GMT

GET
H2 200 load Show response
experience.tinypass.com/xbuilder/experience/ 4 KB
1 KB 35ms
15ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://experience.tinypass.com/xbuilder/experience/load?aid=TIDovF4cqC
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd1dc64fac45e75fffefbd76f176c6ea118ab79b88b3efddc5642d4e7c76d4fe

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 1609
p3p: CP="NON DSP COR OUR IND"
status: 200
x-forwarded-https: on
cf-request-id: 0486612c1e00000614473fb200000001
x-request-id: Cb31zeqkEsp
wn: prod-exp-10-0-113-165
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: accept-encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 5c1d9e2698fe0614-FRA
expires: Wed, 12 Aug 2020 22:56:24 GMT

GET
H2 200 en.js Show response
c.evidon.com/sitenotice/1237/translations/ 65 KB
6 KB 26ms
26ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/1237/translations/en.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0301abe27c75fe3b60eff31ce1d31238c9b84d4f36c037bacf0a8656b6a6fb45

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 5633
last-modified: Wed, 01 Jul 2020 01:41:52 GMT
server: AkamaiNetStorage
etag: "e21cd11f7f077dfa60a4974f4e56a950:1593567712.14839"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 13 Aug 2020 22:26:24 GMT

GET
H2 200 context.pl Show response
www.dianomi.com/cgi-bin/ 2 KB
535 B 50ms
50ms XHR
application/json 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/cgi-bin/context.pl?id=4&h=www.reuters.com

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38f82a586c4984fdc89697da37dac16d17ed9c1d619510ed32991778b3e21b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/json; charset=ISO-8859-1
access-control-allow-origin: https://www.reuters.com
x-xss-protection: 1; mode=block
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 5c1d9e278b29bf46-AMS
cf-request-id: 0486612cb90000bf4604999200000001
expires: Wed, 12 Aug 2020 22:27:24 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 385 KB
121 KB 33ms
32ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tinypass.com/api/tinypass.min.js
Requested by: Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=TIDovF4cqC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad590c30e8e0ef2b2539b0f1a7e4e4da38a6a7b2a8b3f88048338c22da590253

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 50
p3p: CP="NON DSP COR OUR IND"
status: 200
x-forwarded-https: on
cf-request-id: 0486612cb50000061447006200000001
wn: prod-dash-10-0-127-211
last-modified: Tue, 11 Aug 2020 16:55:24 GMT
server: cloudflare
etag: W/"394506-1597164924000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=300
cf-ray: 5c1d9e278ad00614-FRA
expires: Wed, 12 Aug 2020 22:31:24 GMT

GET
H2 200 ta-pagesocial-sdk.js Show response
tru.am/scripts/ 35 KB
12 KB 15ms
15ms Script
application/javascript 2606:4700:20::681a:274
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by: Host: tru.am
URL: https://tru.am/scripts/custom/reuters.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 2231549
x-guploader-uploadid: AAANsUlz9Yip85RfgS4jGavu6PDS8YEyP7WdDck7YcMKysD_x9qSJ9Qiyi4E5v-ygmEAlwDD_aGRLlN8Bnsmjdj3lw
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0486612cb400009ab05c269200000001
last-modified: Fri, 19 Apr 2019 06:14:55 GMT
server: cloudflare
etag: W/"942d5ae1e512ccdf18813550428dd002"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=O7AZFg==, md5=lC1a4eUSzN8YgTVQQo3QAg==
x-goog-generation: 1555654495662585
content-type: application/javascript
cache-control: public, max-age=2678400
x-goog-stored-content-length: 35540
cf-ray: 5c1d9e27883e9ab0-FRA
expires: Sat, 18 Jul 2020 03:33:55 GMT

GET
H2 200 ads.js Show response
www.reuters.com/ 112 B
524 B 58ms
57ms Script
text/javascript 13.226.155.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/ads.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.90 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-90.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 7464555aae6d8d87b77f7170fba1698ff64f7454ded58627ca1819246e9a9969

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
server: nginx
age: 183
status: 200
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: http://admin.reuters.com
x-amz-cf-pop: DUS51-C1
access-control-allow-headers: Access-Control-Allow-Origin,charset
content-length: 116
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
x-amz-cf-id: HJRXA_KilBWQhuVe41979eACg7xaMie1DrFkN_brjFa9EqkO5LXqYg==
expires: Wed, 12 Aug 2020 22:23:21 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 74 KB
29 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-KBK7743&cid=1223394218.1597271184

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e58b5f1ec0b366d5af022fc6580f518062cd5de023870bb4881cc7936cb4da06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29818
x-xss-protection: 0
last-modified: Wed, 12 Aug 2020 21:52:18 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Aug 2020 22:26:24 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
970 B 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:23:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 156
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Wed, 12 Aug 2020 23:23:48 GMT

GET
H2 200 evidon-barrier.js Show response
c.evidon.com/sitenotice/ 14 KB
4 KB 22ms
21ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-barrier.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 33a31901a144a24e7f7153b2ec965007bb58abea0129ec9e7691d468f959569b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 4195
last-modified: Wed, 05 Aug 2020 19:47:32 GMT
server: AkamaiNetStorage
etag: "7f2ec5e4f730c536377c12dea517d463:1596656852.545031"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 13 Aug 2020 22:26:24 GMT

GET
H2 200 iabevidonmapping.js Show response
iabmap.evidon.com/ 8 KB
3 KB 60ms
9ms Script
application/javascript 2600:9000:2182:5a00:10:27b4:f500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://iabmap.evidon.com/iabevidonmapping.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:5a00:10:27b4:f500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 21a22ffbb31ae72c9efc1970ad750dc83454831721ca163bc6cda04dae21a7d7

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 10:53:59 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 19:37:07 GMT
server: AmazonS3
age: 41546
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: wlf10ApxY85dCLt4WA6fWTaMA3siPNO1QMQNWOhIoEws-JQEUrN1Jw==
via: 1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)

GET
H2 200 evidon-cmp.js Show response
c.evidon.com/sitenotice/ 22 KB
7 KB 23ms
23ms Script
application/x-javascript 104.111.252.228
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-252-228.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 15b35c3833a358a2d4da3777fc699f98434d8ad633f05f18b0189ff9425d6ec6

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 6629
last-modified: Wed, 05 Aug 2020 19:47:32 GMT
server: AkamaiNetStorage
etag: "e61a04bf376822e01eb2bff13a2813cd:1596656852.758443"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Thu, 13 Aug 2020 22:26:24 GMT

GET
H2 204 2
l.betrad.com/site/v3/1237/5669/8/1/3/ 0
120 B 338ms
111ms Image
text/plain 54.208.250.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/1237/5669/8/1/3/2?consent=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.250.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-250-186.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 200 dianomi-context.css
www.dianomi.com/partner/dianomi/css/ 169 B
272 B 29ms
29ms Stylesheet
text/css 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/partner/dianomi/css/dianomi-context.css?v=1.1

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99781410070a5dd4d753fdb8a46f4272082b5be64541dcfcb1b2d3c4aea09c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7075
cf-polished: origSize=199
status: 200
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Jan 2019 12:43:41 GMT
server: cloudflare
etag: W/"c7-57ff735e16ce7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Thu, 13 Aug 2020 02:26:24 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 0486612d180000bf46049a3200000001
cf-ray: 5c1d9e282b83bf46-AMS
cf-bgj: minify

GET
H2 200 smartads.epl
www.dianomi.com/ Frame A138 0
0 78ms
77ms Document
text/html 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.dianomi.com
:scheme: https
:path: /smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
date: Wed, 12 Aug 2020 22:26:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d793e1cb50c3cc38fcc403b1b1ebceefe1597271184; expires=Fri, 11-Sep-20 22:26:24 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
access-control-allow-credentials: true
expires: now
pragma: no-cache
cache-control: no-cache,no-store,private
link: </img/a/pss/2649/23.css>;rel=preload;as=style
cf-cache-status: DYNAMIC
cf-request-id: 0486612d1c0000bf46049a5200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c1d9e282b8abf46-AMS
content-encoding: br
cf-h2-pushed: </img/a/pss/2649/23.css>

GET
H2 200 videofeed-combined.js Show response
www.dianomi.com/js/ 22 KB
5 KB 27ms
27ms Script
application/javascript 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/js/videofeed-combined.js?id=123

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ed44c518b79ec0c24d13803371365e67d6ca02829631e0dad366850fd466044

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5644
cf-polished: origSize=32520
status: 200
x-xss-protection: 1; mode=block
last-modified: Wed, 12 Aug 2020 12:48:38 GMT
server: cloudflare
etag: W/"7f08-5acad9b4df871"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 13 Aug 2020 02:26:24 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 0486612d1a0000bf46049a4200000001
cf-ray: 5c1d9e282b87bf46-AMS
cf-bgj: minify

GET
H2 200 recirculation.epl
www.dianomi.com/ Frame 5D08 0
0 70ms
63ms Document
text/html 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/recirculation.epl?id=98&cf=545.4.Reuters%20Feed

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.dianomi.com
:scheme: https
:path: /recirculation.epl?id=98&cf=545.4.Reuters%20Feed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
date: Wed, 12 Aug 2020 22:26:24 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d793e1cb50c3cc38fcc403b1b1ebceefe1597271184; expires=Fri, 11-Sep-20 22:26:24 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
cf-request-id: 0486612d220000bf46049a6200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c1d9e283b95bf46-AMS
content-encoding: br

GET
H2 200 recirculation.epl
www.dianomi.com/ Frame A859 0
0 62ms
61ms Document
text/html 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.dianomi.com
:scheme: https
:path: /recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
date: Wed, 12 Aug 2020 22:26:24 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d793e1cb50c3cc38fcc403b1b1ebceefe1597271184; expires=Fri, 11-Sep-20 22:26:24 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
cf-request-id: 0486612d270000bf46049a9200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c1d9e283ba0bf46-AMS
content-encoding: br

GET
H2 200 lazyload.iife.min.js Show response
cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.20.1/ 5 KB
2 KB 12ms
10ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.20.1/lazyload.iife.min.js

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c514d4fb8244af230a89d2203522c6a67a55a3f161cfd4fca9f53301c0588ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 11233115
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0486612d220000d6b92b21b200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Sun, 17 Feb 2019 22:45:51 GMT
server: cloudflare
etag: W/"5c69e41f-14cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5c1d9e2838c1d6b9-FRA
expires: Mon, 02 Aug 2021 22:26:24 GMT

GET
H2 200 dianomi-max-200x38.png
www.dianomi.com/img/ 1 KB
1 KB 23ms
22ms Image
image/webp 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dianomi.com/img/dianomi-max-200x38.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70503c92bcbb8105d95ec4de2012f23098c3383586e95323e4b3384b56af4beb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 197110
cf-polished: origFmt=png, origSize=3940
status: 200
content-disposition: inline; filename="dianomi-max-200x38.webp"
content-length: 1164
x-xss-protection: 1; mode=block
last-modified: Wed, 29 Jul 2020 16:53:11 GMT
server: cloudflare
etag: "f64-5ab97641e5c82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 12 Sep 2020 08:26:24 GMT
cache-control: public, max-age=2628000
access-control-allow-credentials: true
cf-request-id: 0486612d270000bf46049aa200000001
accept-ranges: bytes
cf-ray: 5c1d9e283ba2bf46-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 pixeltrack.pl
www.dianomi.com/cgi-bin/ 77 B
224 B 40ms
39ms Image
image/gif 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dianomi.com/cgi-bin/pixeltrack.pl?cf=545.4.Reuters%20Feed

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4fa79afcf5a5cc5a0f12dedaf825f11530e6397d723fe7044cd37ba3c248e57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:24 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
content-length: 77
cf-request-id: 0486612d270000bf46049ab200000001
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif; charset=ISO-8859-1
access-control-allow-origin: *
x-xss-protection: 1; mode=block
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 5c1d9e283ba3bf46-AMS
expires: Tue, 11 Aug 2020 22:26:24 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34269
x-xss-protection: 0
pragma: public
x-fb-debug: tOow3KZ6OfZO4McBbEg5hX/5NV0UTwK+NCCRDGIiY0RQLCxpb0YI4pZIL/GxOQFs7yHBgvNqidJNx7NE0QFiJQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 12 Aug 2020 22:26:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45610b21279531a97f9566b0f0f8a1d287a45ae4bc6bc545971af5cd7e393cc6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
H2 204 61500
l.betrad.com/site/v3/1237/5669/8/1/3/2/ 0
120 B 153ms
111ms Image
text/plain 54.208.250.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/1237/5669/8/1/3/2/61500?consent=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.250.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-250-186.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Wed, 12 Aug 2020 22:26:24 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 64ms
20ms Script
application/x-javascript 104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 12 Aug 2020 22:26:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Thu, 13 Aug 2020 22:26:25 GMT

GET
H2 200 gwiq.js Show response
gwiqcdn.globalwebindex.net/gwiq/ 6 KB
6 KB 43ms
14ms Script
application/javascript 35.201.93.216
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gwiqcdn.globalwebindex.net/gwiq/gwiq.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.93.216 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 216.93.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6aa7c3edbc1ee1fe66d4db0fea18aa2d0bbe0dfae05d228c9ffeeaeacb6f1c53

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:20:22 GMT
age: 362
x-guploader-uploadid: AAANsUlGASgIxS5Q7_Byyr5TzNRhSi1EnglgmXPvNZ4j-FgRY_boV4k3fX4laD1QKvjLWUN2i85_-5CUKHmdLG1K61A
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 5766
last-modified: Wed, 15 Apr 2020 08:49:27 GMT
server: UploadServer
etag: "aba61abde9777087262fb27526ba1ef6"
x-goog-hash: crc32c=yYfjgA==, md5=q6Yavel3cIcmL7J1Jroe9g==
x-goog-generation: 1586940567400828
cache-control: public, max-age=3600
x-goog-stored-content-length: 5766
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 12 Aug 2020 23:20:22 GMT

GET
H2 200 bidexchange.js Show response
contextual.media.net/ 440 KB
124 KB 89ms
49ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Requested by

Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9edaa3db7432fefa25c22c8e5027a9783456df9fa6c8e4512393162e10dbe58a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 12 Aug 2020 22:26:25 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=1800
expires: Wed, 12 Aug 2020 22:56:25 GMT

POST
H2 200 beacon
beacon.tru.am/ 0
0 157ms
139ms Fetch 2606:4700:20::681a:274
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.tru.am/beacon
Requested by: Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:25 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, private, max-age=0
cf-ray: 5c1d9e2a4e861f35-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0486612e6e00001f35b0a1c200000001
expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H2 200 execute Show response
experience.tinypass.com/xbuilder/experience/ 2 KB
2 KB 117ms
116ms XHR
application/json 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://experience.tinypass.com/xbuilder/experience/execute?aid=TIDovF4cqC
Requested by: Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9cb97ccc36a6396dadf47d7c14dabee0dc93ea9a981488346f67f673691cdda

Request headers

Accept: */*
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: br
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
status: 200
x-forwarded-https: on
cf-request-id: 0486612e820000061447020200000001
x-request-id: C1c2zeq5a0p
pragma: no-cache
wn: prod-exp-10-0-84-86
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 5c1d9e2a68dc0614-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 61500
l.betrad.com/site/v3/1237/5669/8/5/3/2/ 0
120 B 114ms
114ms Image
text/plain 54.208.250.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/1237/5669/8/5/3/2/61500?consent=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.250.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-208-250-186.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 200 vendorlist.json Show response
www.reuters.com/json/api/ 89 KB
89 KB 128ms
128ms XHR
application/json 13.226.155.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/json/api/vendorlist.json
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.90 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-90.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
browser-expires: Wed, 12 Aug 2020 22:26:25 GMT
server: nginx
x-amz-cf-pop: DUS51-C1
status: 200
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Access-Control-Allow-Origin,charset
x-amz-cf-id: SAWK6VQOSc3HlDkT8GS2rfmj3wbdArBuYixttwn4pbgvsS4ThzTdLA==
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
expires: Wed, 12 Aug 2020 22:27:25 GMT

GET
DATA 200
OK truncated
/ 38 B
38 B Other
image/webp

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 smartads_video_json.pl Show response
www.dianomi.com/cgi-bin/ 3 B
356 B 57ms
57ms XHR
application/json 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/cgi-bin/smartads_video_json.pl?id=4729&cf=545.4.Reuters%20Feed

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reuters.com
x-xss-protection: 1; mode=block
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, pre-check=0, post-check=0
access-control-allow-credentials: true
cf-ray: 5c1d9e2abd99bf46-AMS
cf-request-id: 0486612eb10000bf46049d2200000001

GET
H2 200 vendorlist.json Show response
www.reuters.com/json/api/ 89 KB
89 KB 133ms
133ms XHR
application/json 13.226.155.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/json/api/vendorlist.json
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.90 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-90.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
browser-expires: Wed, 12 Aug 2020 22:26:25 GMT
server: nginx
x-amz-cf-pop: DUS51-C1
status: 200
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Access-Control-Allow-Origin,charset
x-amz-cf-id: CLPdDEdJcqlMhVXMrY84ScUblRikN7q4kwNhOgln-EoD7v4315RHVA==
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
expires: Wed, 12 Aug 2020 22:27:25 GMT

GET
H2 200 312961195854690 Show response
connect.facebook.net/signals/config/ 525 KB
132 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/312961195854690?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

887acf8d48deb6cf8681da13ee39f83b4692d894caf76d56ddcb4ab10cd5fbc4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 135382
x-xss-protection: 0
pragma: public
x-fb-debug: BkyfJIcIcEOgNOTKKIxl/ywayJM1WQyDg+y3y/Bp4J0Dw0WJhRm3SFr5YUzm9VXlxxufQnHhPauvLvBykM0b1g==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 12 Aug 2020 22:26:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 article-recirc Show response
sope.prod.reuters.tv/program/rcom/v1/ 13 KB
13 KB 115ms
107ms Fetch
application/json 2600:1f18:624f:b000:1a0c:44be:c431:52fe
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sope.prod.reuters.tv/program/rcom/v1/article-recirc?edition=us&pageid=USKCN24W25W&modules=rightrail,ribbon,bottom
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:624f:b000:1a0c:44be:c431:52fe Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 037794227828d971b4b969d8d862fb7091858d68cb81421a5ff2ad96b829bef8

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
seq: 44bf7ccf-6f95-4fe4-934f-56d17976c60b

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
x-origin: i-05bcab1ca82367d47.sope.prod.us.reuters.tv
server: nginx/1.14.0 (Ubuntu)
x-amzn-trace-id: Root=1-5f346c91-e273002043c6751bf3bd48de
status: 200
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: connection, range, accept-encoding, user-agent, referer, seq
content-length: 13473

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6035630&ns__t=1597271185102&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20crimina...
https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597271185102&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20crimin...

0
248 B

23ms
23ms

Image
text/plain

104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597271185102&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Aug 2020 22:26:25 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597271185102&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Wed, 12 Aug 2020 22:26:25 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tc.js Show response
contextual.media.net/ 11 KB
7 KB 35ms
35ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/tc.js?&tpkey=TB4M82W&size=300x250&v=19&nat=1&https=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3c0d27b79bfe51d6abbc99eb79bd7731804fa80823d85bce422ee364185c6126

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 12 Aug 2020 22:26:25 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=127310
content-length: 6573
expires: Fri, 14 Aug 2020 09:48:15 GMT

GET
H2 200 tc.js Show response
contextual.media.net/ 13 KB
8 KB 34ms
34ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/tc.js?&tpkey=T645KQG&size=728x90&v=19&nat=1&https=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d27b59be0fa35fd199035fb3d095a553cf11e6c7b44d583b2942650fc3da5977

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 12 Aug 2020 22:26:25 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=127310
content-length: 7712
expires: Fri, 14 Aug 2020 09:48:15 GMT

GET
H2 200 px.gif
contextual.media.net/ 43 B
206 B 20ms
20ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/px.gif?&ch=1&vn=1

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
last-modified: Wed, 19 Jul 2017 10:11:12 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
status: 200
cache-control: max-age=1022201
accept-ranges: bytes
content-length: 43
expires: Mon, 24 Aug 2020 18:23:06 GMT

GET
H/1.1 200
OK px.gif
s.mnet-ad.net/ 43 B
355 B 381ms
128ms Image
image/gif 66.81.204.228
CONFLUENCE-NETWOR...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.mnet-ad.net/px.gif?&ch=2&vn=1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.81.204.228 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 12 Aug 2020 22:26:25 GMT
Last-Modified: Wed, 19 Jul 2017 10:11:12 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=91
Content-Length: 43
Expires: Wed, 26 Aug 2020 22:26:25 GMT

GET
H2 200 intersection-observer.js Show response
www.dianomi.com/js/ 13 KB
4 KB 26ms
26ms Script
application/javascript 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/js/intersection-observer.js

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8567ea9f657a5f2ea1633ec26b13de309f60f0921a278db2a9be91d2e48984e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1957
cf-polished: origSize=29813
status: 200
x-xss-protection: 1; mode=block
last-modified: Thu, 21 May 2020 13:02:02 GMT
server: cloudflare
etag: W/"7475-5a6281e5fc48b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Thu, 13 Aug 2020 02:26:25 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 0486612f4d0000bf46049d9200000001
cf-ray: 5c1d9e2bae33bf46-AMS
cf-bgj: minify

GET
H2 200 rtbsspub
cdneu-xch.media.net/AdExchange/ 50 KB
51 KB 58ms
27ms EventSource
text/event-stream 23.62.140.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdneu-xch.media.net/AdExchange/rtbsspub?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&us_privacy=1---&cid=8CUF1VN4G&region=eu&ptrid=8PRL4E7N3&requestString=391166652*4%7C300x600%7C8CUD609M7%7C362622121%7C%7C%7C1%40391166652*23%7C300x250~300x600%7C8CUF1VN4G%7C12762257~12762257%7C%7C%7C1%40391166652*29%7C300x250~300x600%7C11384%7C31484_123996_15~31484_123996_10%7C%7C%7C1%40391166652*51%7C300x250~300x600%7C973973%7C11084976~11084976%7C0.07%7C%7C1%40391166652*59%7C300x250~300x600%7C8CUF1VN4G%7C_112891~_112891%7C0.07%7C%7C1%40391166652*74%7C300x250~300x600%7C1113800%7C12209207~12209207%7C%7C%7C1%40391166652*84%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652%7C%7C%7C3%40391166652*97%7C300x250~300x600%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C0.63%7C%7C1%40391166652*108%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*117%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*145%7C300x600~300x250%7C100600%7C147215~147215%7C%7C%7C1%40391166652*172%7C300x250~300x600%7C8CUF1VN4G%7C15331955~15331955%7C0.06%7C%7C1%40391166652*175%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C0.01%7C%7C1%40391166652*178%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*201%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*203%7C300x250~300x600%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*214%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*222%7C300x250~300x600%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*3007%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*3010%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*3015%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652~391166652%7C%7C%7C3%40451439109*9%7C300x250%7C8CUD609M7%7C155187763%7C%7C%7C1%40451439109*23%7C300x250%7C8CUF1VN4G%7C12762293%7C%7C%7C1%40451439109*29%7C300x250%7C11384%7C31484_123998_15%7C%7C%7C1%40451439109*51%7C300x250%7C973973%7C11084979%7C0.07%7C%7C1%40451439109*59%7C300x250%7C8CUF1VN4G%7C_112891%7C0.07%7C%7C1%40451439109*84%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109%7C%7C%7C3%40451439109*97%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C0.63%7C%7C1%40451439109*108%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*117%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*145%7C300x250%7C100600%7C147218%7C%7C%7C1%40451439109*172%7C300x250%7C8CUF1VN4G%7C15331958%7C0.06%7C%7C1%40451439109*175%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C0.01%7C%7C1%40451439109*178%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*203%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*214%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*222%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*3007%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*3010%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*3014%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40518121357*4%7C728x90%7C8CUD609M7%7C996968123%7C%7C%7C1%40518121357*23%7C728x90%7C8CUF1VN4G%7C12762293%7C%7C%7C1%40518121357*29%7C728x90%7C11384%7C31484_123998_2%7C%7C%7C1%40518121357*51%7C728x90%7C973973%7C11084978%7C0.69%7C%7C1%40518121357*59%7C728x90%7C8CUF1VN4G%7C_112891%7C0.07%7C%7C1%40518121357*84%7C1x1_T645KQG_1%7C8CUF1VN4G%7C518121357%7C%7C%7C3%40518121357*97%7C728x90%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C0.63%7C%7C1%40518121357*108%7C1x1_T645KQG_1%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C3%40518121357*117%7C1x1_T645KQG_1%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C3%40518121357*145%7C728x90%7C100600%7C147217%7C%7C%7C1%40518121357*172%7C728x90%7C8CUF1VN4G%7C15331957%7C0.06%7C%7C1%40518121357*175%7C728x90%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C0.01%7C%7C1%40518121357*178%7C728x90%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C1%40518121357*203%7C728x90%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C1%40518121357*214%7C728x90%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C1%40518121357*222%7C728x90%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C1%40518121357*3007%7C1x1_T645KQG_1%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C3%40518121357*3010%7C1x1_T645KQG_1%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C3%40518121357*3014%7C1x1_T645KQG_1%7C8CUF1VN4G%7C518121357_8CUF1VN4G%7C%7C%7C3%40612341223*23%7C728x90%7C8CUF1VN4G%7C12762257%7C%7C%7C1%40612341223*29%7C728x90~970x250%7C11384%7C31484_123996_2~31484_123996_57%7C%7C%7C1%40612341223*51%7C728x90%7C973973%7C11084975%7C0.69%7C%7C1%40612341223*59%7C728x90~970x250%7C8CUF1VN4G%7C_112891~_112891%7C0.07%7C%7C1%40612341223*74%7C728x90~970x250%7C1113800%7C12209209~12209209%7C%7C%7C1%40612341223*84%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223%7C%7C%7C3&crid=391166652%2C451439109%2C518121357%2C612341223&sd=-1&requrl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&bl=1&rt=5&dn=https://www.reuters.com&https=1&act=headerBid&prvReqId=210043215784539691597271185185&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.29271096151231424&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A7286%7D&itype=HB&cc=NL&ct=AMSTERDAM&sid=8973&scc=1&tmt=200&section=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&prid=8PRVCXX19&isRefresh=0&switch=1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.140.165 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f64cc3c273bf057f43880fffa4ae342f9311ec87afbc20f19f1a4c033a864b6d

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:25 GMT
status: 200
content-type: text/event-stream;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
expires: Wed, 12 Aug 2020 22:26:25 GMT

GET
H2 200 rtbsspub
cdneu-xch.media.net/AdExchange/ 18 KB
19 KB 57ms
26ms EventSource
text/event-stream 23.62.140.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdneu-xch.media.net/AdExchange/rtbsspub?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&us_privacy=1---&cid=8CUF1VN4G&region=eu&ptrid=8PRL4E7N3&requestString=612341223*9%7C728x90~970x250%7C8CUD609M7%7C813012502~450341239%7C%7C%7C1%40612341223*97%7C728x90~970x250%7C8CUF1VN4G%7C612341223_8CUF1VN4G~612341223_8CUF1VN4G%7C0.63%7C%7C1%40612341223*108%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*117%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*145%7C728x90~970x250%7C100600%7C147214~147214%7C%7C%7C1%40612341223*172%7C728x90~970x250%7C8CUF1VN4G%7C15303527~15303527%7C0.06%7C%7C1%40612341223*175%7C728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C0.01%7C%7C1%40612341223*178%7C728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C1%40612341223*203%7C728x90~970x250%7C8CUF1VN4G%7C612341223_8CUF1VN4G~612341223_8CUF1VN4G%7C%7C%7C1%40612341223*214%7C970x250~728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G~612341223_8CUF1VN4G%7C%7C%7C1%40612341223*222%7C728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C1%40612341223*3007%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*3010%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*3015%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223~612341223%7C%7C%7C3%40894667540*9%7C300x250%7C8CUD609M7%7C611759711%7C%7C%7C1%40894667540*59%7C300x250%7C8CUF1VN4G%7C_112891%7C0.07%7C%7C1%40894667540*97%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C0.63%7C%7C1%40894667540*175%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C0.01%7C%7C1%40894667540*178%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*201%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*203%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*214%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*222%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1&crid=612341223%2C894667540&sd=-1&requrl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&bl=1&rt=5&dn=https://www.reuters.com&https=1&act=headerBid&prvReqId=206888866438625301597271185203&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.9420107569966163&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A7286%7D&itype=HB&cc=NL&ct=AMSTERDAM&sid=8973&scc=1&tmt=200&section=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&prid=8PRVCXX19&isRefresh=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.140.165 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0aaaaf59ff20ac0c80aa742192766336429d949b55166da6ba05d8234a8d67de

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:25 GMT
status: 200
content-type: text/event-stream;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
expires: Wed, 12 Aug 2020 22:26:25 GMT

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 99 KB
18 KB 63ms
42ms XHR
application/json 2600:9000:2182:6a00:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:6a00:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca16dd3adebfcc177d21d8fe9fa1f3f1659479394e1c142b27d96cba5bf85058

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 06 Aug 2020 16:11:52 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 540874
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 06 Aug 2020 16:00:36 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: iUD8pa64KfvldrKJx93Vo4wA6Cnzn4uC
via: 1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: DUS51-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: eIOfGLx0gU5jDhTWfm8J43PxnL8sstZi9qImq_X2uBvC75UlXUOnPA==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 55 KB
19 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c01b4ceb78f1e11f7163091e62124b3f5c0936d8f18d59425748c63b430f77a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "600 / 36 of 1000 / last-modified: 1597270389"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=43200
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 18761
x-xss-protection: 0
expires: Wed, 12 Aug 2020 22:26:25 GMT

GET
H2 200 getcookie Show response
evidon.mgr.consensu.org/iab/ 169 B
381 B 347ms
126ms Script
text/javascript 54.156.236.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://evidon.mgr.consensu.org/iab/getcookie
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.236.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-236-131.compute-1.amazonaws.com
Software: /
Resource Hash: 9b133863146a5f391e8cee0842cafc7498ae89b6f79edbecfc842055342c1fe2

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
x-amzn-requestid: b3e6d488-f46c-4e37-ada7-fc408e4d19d6
status: 200
content-type: text/javascript
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5f346c91-c0e4d484136da40cdbe5ad68;Sampled=0
x-amz-apigw-id: RLXmxEp7IAMFTqg=
content-length: 169

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
829 B 35ms
16ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.reuters.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
829 B 36ms
15ms Script
application/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.reuters.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020080501.js Show response
securepubads.g.doubleclick.net/gpt/ 262 KB
92 KB 103ms
55ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

2a7a5100d1b04b40f49ec3661a2ce57d3af5acbd35497cd946e87912a6c9e021

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 05 Aug 2020 08:42:44 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94052
x-xss-protection: 0
expires: Wed, 12 Aug 2020 22:26:25 GMT

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
141 B 540ms
186ms XHR
application/json 52.11.156.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.156.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-156-223.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Wed, 12 Aug 2020 22:26:25 GMT
access-control-allow-origin: https://www.reuters.com
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 /
www.facebook.com/tr/ 44 B
146 B 7ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=312961195854690&ev=PageView&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&rl=&if=false&ts=1597271185495&sw=1600&sh=1200&v=2.9.23&r=stable&a=seg&ec=0&o=30&fbp=fb.1.1597271185494.2019513672&it=1597271185078&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 12 Aug 2020 22:26:25 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
118 B 8ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&aip=1&a=1481608543&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dp=%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&ul=en-us&de=UTF-8&dt=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEAjR~&jid=429935943&gjid=1506523059&cid=1223394218.1597271184&tid=UA-24152976-22&_gid=1061043345.1597271184&cd2=Cyberrisk&cd11=us-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals&cd4=Article%20-%20News&cd32=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&cd8=0&cd10=Slideshow&cd9=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&cd19=Page%20Load&cd7=Desktop&cd6=U.S.&cd5=Article&cd17=Jack%20Stubbs&cd3=Tentpoles%20-%20Cyberrisk&cd1=Tentpoles&cd13=529&cd18=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&cd38=false&cd40=RCOMUS_Cyberrisk&cd41=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&cd42=USKCN24W25W&cd43=KCN24W25W&cd44=4&cd45=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&z=1438828391

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 03:20:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68768
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&gjid=1506523059&_gid=1061043345.1597271184&_u=aGDAiEAjR~&z=1479245872
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&_v=j83&z=1479245872
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&_v=j83&z=1479245872&slf_rd=1&random=538444620

42 B
106 B

16ms
16ms

Image
image/gif

2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&_v=j83&z=1479245872&slf_rd=1&random=538444620

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=1223394218.1597271184&jid=429935943&_v=j83&z=1479245872&slf_rd=1&random=538444620
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0b9ae0631dc9cb1d12dd2eb240ef07bb.png
static.reuters.com/resources_v2/react/cookie-reset-b74/ 22 KB
9 KB 28ms
26ms Image
image/png 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/0b9ae0631dc9cb1d12dd2eb240ef07bb.png
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 9f9104dee58871cdb561e4f139fcf095a2fc1fcb0a7778a964975e6b12059c6a

Request headers

Referer: https://static.reuters.com/resources_v2/react/cookie-reset-b74/article.bundle.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 00:12:58 GMT
content-encoding: gzip
age: 80030
x-cache: Hit from cloudfront
status: 200
content-length: 9050
last-modified: Thu, 06 Aug 2020 21:01:22 GMT
server: nginx
vary: Accept-Encoding
content-type: image/png
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: X86VI-xeaOVPIgxc9RFAazWlcI8_eD1AR8D80abwOKd2AfP5PF3Tag==
expires: Thu, 13 Aug 2020 00:12:35 GMT

GET
H2 200 /
static.reuters.com/resources/r/ 2 KB
2 KB 30ms
28ms Image
image/jpeg 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529399733&r=LYNXNPEG7B0P3&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 6f4ae319a9f80c61a3c9734248d8be481ae430185443f3b2747bc1b4f617cc8f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:31:11 GMT
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Wed, 12 Aug 2020 21:17:15 GMT
server: nginx
age: 3314
etag: "7bff502a77ef4d417ccc5b02c79a36d3"
x-cache: Hit from cloudfront
x-amz-version-id: f6xlBLFwfiX4dHtmj4I1UbZZbQl4wdKw
status: 200
x-amz-cf-pop: DUS51-C1
content-type: image/jpeg
content-length: 1831
x-amz-cf-id: 1pDLLBJOmS41SN4bXXuwfYkACPuNdcMcXrVmXY0OmVvJximZAz16Ng==

GET
H2 200 /
static.reuters.com/resources/r/ 3 KB
4 KB 29ms
27ms Image
image/jpeg 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529329016&r=LYNXNPEG7B0PA&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: deebd915997d1fc20b8c17b0ac9e57a20b84cb44a54858b18d0ad0ee6ea51f5a

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 10:30:10 GMT
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Wed, 12 Aug 2020 10:20:11 GMT
server: nginx
age: 42975
etag: "758ffec099d7a1e63dcb76ef5a815fdd"
x-cache: Hit from cloudfront
x-amz-version-id: 3gjoPXEtuzQ0hPztG09uRglvhBw6By_1
status: 200
x-amz-cf-pop: DUS51-C1
content-type: image/jpeg
content-length: 3453
x-amz-cf-id: Cho36sXG3eu2VskSvgpczBLkyP5jPjNRy6T1U9-mA3FVqZxphyxXVg==

GET
H2 200 /
static.reuters.com/resources/r/ 2 KB
3 KB 29ms
28ms Image
image/jpeg 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200811&t=2&i=1529196472&r=LYNXNPEG7A0N6&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 62c155232156eb11fcfd2db27dc8304f7c2fd810da25bfa7740ef28b0b156f88

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: msd_zdO3pS8XGXFU0GWNDWAbszZeVy_g
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Fri, 11 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Tue, 11 Aug 2020 12:27:57 GMT
server: nginx
age: 35475
etag: "34bdde8058497a81615be5df096f5a05"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
date: Wed, 12 Aug 2020 12:35:11 GMT
x-amz-cf-pop: DUS51-C1
content-length: 2177
x-amz-cf-id: Y8DF6JSP4NF4J8Zn4_HRCGgA4dS-LN9-e3XWvIeOzY7VOqmd2v7MGg==

GET
H2 200 /
static.reuters.com/resources/r/ 2 KB
3 KB 24ms
23ms Image
image/jpeg 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529284349&r=LYNXNPEG7B02O&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 25adad9ca79b728ee179d70f9f9251b37634f92ddc1421d1e4204b1fbad4e303

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 04:05:22 GMT
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Wed, 12 Aug 2020 02:00:18 GMT
server: nginx
age: 66063
etag: "f4dcc1a43f8e8e69191d9b322c09df72"
x-cache: Hit from cloudfront
x-amz-version-id: nZUmN3Gxuxf9IGq3cUUGVDwbxfhN0JdW
status: 200
x-amz-cf-pop: DUS51-C1
content-type: image/jpeg
content-length: 2257
x-amz-cf-id: NdCzAZVT3Pxr5mMQ1CjGp3JxRqJNTc3tPBjdLqcY7ANQfIc1IdmJ-w==

GET
H2 200 /
static.reuters.com/resources/r/ 3 KB
4 KB 24ms
23ms Image
image/jpeg 13.226.155.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529400432&r=LYNXNPEG7B1OJ&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-30.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 67032371580ed843d5a9460d87afa85e4c02983a1dc620b38020d311308f4e59

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:40:40 GMT
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Wed, 12 Aug 2020 21:29:12 GMT
server: nginx
age: 2745
etag: "a5e9afa95255b808d9ad6e1f05168034"
x-cache: Hit from cloudfront
x-amz-version-id: Bss26jeXJh963MfHzmHaezzKixPdy1B2
status: 200
x-amz-cf-pop: DUS51-C1
content-type: image/jpeg
content-length: 3342
x-amz-cf-id: JwrEeuWb4NmY8crGkYVCuys6nvXkF3GkS6aMwfo48HBRm_st0euFQQ==

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 324 B
556 B 96ms
34ms XHR
application/json 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_mpu_4347176_USKCN24W25W,ss:%5B300.250,300.600,1.1%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=fe387ad6-1a55-2071-aa04-bd59c9a277e5&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 82daed7708d1b1a062d78f7701eeb7e56b4bf996e6f62721bee237ea93a94237

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
x-server-name: app21.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 331 B
564 B 97ms
36ms XHR
application/json 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:canvas_leaderboard_1661493340101947_USKCN24W25W,ss:%5B728.90,970.250,970.90,1100.100,1100.90,1100.250,1.1%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=fe387ad6-1a55-2071-aa04-bd59c9a277e5&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e7f4b1248e2225a0453e0aca2b77809313f343b641520ac1efc5967b9102f0b5

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
x-server-name: app27.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 56 B
289 B 91ms
31ms XHR
application/json 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_connatix_1977653_USKCN24W25W,s:1100,420.1100,400.fluid,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=fe387ad6-1a55-2071-aa04-bd59c9a277e5&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bf3669795bba5ee81c6defbeb24c48986d4693233ce0964138e897363527c3af

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
x-server-name: app28.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 289 B
522 B 94ms
35ms XHR
application/json 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_bizdev_article_rr2_8964218_USKCN24W25W,ss:%5B300.280,300.250%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=fe387ad6-1a55-2071-aa04-bd59c9a277e5&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dda6285e47197327e7e3e9a22b43d82f377248da453ca7aa17eb16648ce3972a

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:25 GMT
x-server-name: app03.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 103 KB
19 KB 460ms
460ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2301812605164711&correlator=1824426737728527&output=ldjh&impl=fifs&adsid=NT&eid=21066625%2C21066095%2C21066883%2C21066807&vrg=2020080501&rdp=1&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200812&iu_parts=4735792%2Cus.reuters%2Ctentpoles%2Ccyberrisk%2Carticle&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250%7C300x600%7C1x1%2C728x90%7C970x250%7C970x90%7C1100x100%7C1100x90%7C1100x250%7C1x1%2C320x50%7C1100x420%7C1100x400%2C300x280%7C300x250&fluid=0%2C0%2Cheight%2C0&prev_scp=type%3Dmpu%26div_id%3D4347176%26pixel_distance%3D400%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26mnetDNB%3D1%26mnetPageID%3D1%26mnetCV%3D3%26mnetCC%3DNL%26mnetUGD%3D4%7Ctype%3Dleaderboard%26div_id%3D1661493340101947%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26mnetDNB%3D1%26mnetPageID%3D4%26mnetCV%3D3%26mnetCC%3DNL%26mnetUGD%3D4%7Ctype%3Dconnatix%26div_id%3D1977653%26pixel_distance%3D20000%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%7Ctype%3Dbizdev_article_rr2%26div_id%3D8964218%26pixel_distance%3D20000%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26mnetDNB%3D1%26mnetPageID%3D5%26mnetCV%3D3%26mnetCC%3DNL%26mnetUGD%3D4&cust_params=bidxc%3D1%26admant%3DAccentureAPAC_Negative%252CArtificial_Intelligence%252CBarclays%252CBarclays_2%252CBoeing_Neg%252CBofA_Neg%252CBofA_Neg_Topics%252CCME_Negative%252CCognizant_Coronavirus_3%252CDIT_Negative_kw1%252CDWA-Cisco-Coronavirus%252CExxon_Negative%252CFRB%252CGoldmanSachs%252CIBM%252CJPMorgan_Neg%252CJuliusBaer2020_FinancialPlanning-2%252CMSFT_Neg%252CMarcusUSDeposits_1%252CMobkoi_FB_Negative%252CNegative_Keywords_3.2%252CSaudiAramco_Negative%252CTradeWeb_AiEx%252CWorkdayPG_Neg%26ntvPlacement%3D1093478&cookie_enabled=1&bc=31&abxe=1&lmt=1597271185&dt=1597271185834&dlt=1597271183718&idt=1815&frm=20&biw=1600&bih=1200&oid=3&adxs=1140%2C-12245933%2C258%2C1140&adys=404%2C-12245933%2C3487%2C3044&adks=933109802%2C3176757442%2C152012599%2C918235180&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dssz=67&icsg=44040240&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1%7C0x-1%7C754x420%7C300x-1&msz=300x-1%7C0x-1%7C754x420%7C300x-1&ga_vid=1223394218.1597271184&ga_sid=1597271186&ga_hid=1481608543&fws=4%2C132%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

99b5be0f251d6644cd097b6f20c55a18f8d64701dcf43b6a25045bdd3c82d8c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18867
x-xss-protection: 0
google-lineitem-id: -1,-1,4806613891,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,138288736159,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
b3a96def045d7447c733979e267b018a.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 82ms
39ms Other
text/html 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b3a96def045d7447c733979e267b018a.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 26ms
5ms Other
text/html 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

POST
H2 200 /
www.facebook.com/tr/ 0
106 B 6ms
5ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypTWni9HsB7cjaJMz

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 12 Aug 2020 22:26:26 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.reuters.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 69 KB
23 KB 13ms
12ms Script
application/x-javascript 2600:9000:2182:400:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:400:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ba607af2c8d414ab6d4bac90c526d90a939cb0adf507b6ba063265347479159d

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:33:42 GMT
content-encoding: gzip
last-modified: Fri, 24 Apr 2020 00:58:19 GMT
server: nginx
age: 3164
etag: W/"5ea239ab-11347"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: BaEIzgS-y-UEWp05XkR0AdZdk3CxjUDRye2TFLchZe_AZ4itAACyEA==
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
expires: Wed, 12 Aug 2020 23:33:42 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame D9EC 0
0 29ms
29ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=922&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=922&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sat, 13 Feb 2021 22:26:26 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=501385
expires: Tue, 18 Aug 2020 17:42:51 GMT
date: Wed, 12 Aug 2020 22:26:26 GMT
content-length: 4727

GET
H2 200 tag.min.js Show response
get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/ 42 KB
14 KB 79ms
30ms Script
text/javascript 13.226.155.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-82.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f37beed085d2cfdd1386a8942434d8011aa20f2e7afa20d7edfd0d49998da1e7

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Thu, 09 Jul 2020 16:33:02 GMT
server: AmazonS3
age: 30
date: Wed, 12 Aug 2020 22:25:57 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: xf1SDB8s-O0DHOxdyu-3dww9m38DZokBn9urnjljMDLAniAEhidvwg==
via: 1.1 498cdb7d5db845f8fbb098d88d764204.cloudfront.net (CloudFront)

POST
H2 200 i Show response
api.segment.io/v1/ 21 B
141 B 175ms
175ms XHR
application/json 52.11.156.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/i
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.156.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-156-223.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Wed, 12 Aug 2020 22:26:26 GMT
access-control-allow-origin: https://www.reuters.com
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 collect
www.google-analytics.com/ 35 B
95 B 6ms
5ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&aip=1&a=1481608543&t=timing&_s=2&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dp=%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&ul=en-us&de=UTF-8&dt=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2414&pdt=19&dns=1&rrt=0&srt=28&tcp=47&dit=634&clt=634&_gst=128&_gbt=143&_cst=83&_cbt=121&_u=aHDAiEAjR~&jid=&gjid=&cid=1223394218.1597271184&tid=UA-24152976-22&_gid=1061043345.1597271184&cd2=Cyberrisk&cd11=us-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals&cd4=Article%20-%20News&cd32=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&cd8=0&cd10=Slideshow&cd9=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&cd19=Page%20Load&cd7=Desktop&cd6=U.S.&cd5=Article&cd17=Jack%20Stubbs&cd3=Tentpoles%20-%20Cyberrisk&cd1=Tentpoles&cd13=529&cd18=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&cd38=false&cd40=RCOMUS_Cyberrisk&cd41=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&cd42=USKCN24W25W&cd43=KCN24W25W&cd44=4&cd45=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&z=803452646

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 03:20:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68769
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 321ms
107ms Image
image/gif 34.202.105.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=reuters.com&p=reuters.com%2Farticle%2Fus-cyber-cwt-ransom-idUSKCN24W25W&u=nK2HWCUNgC_DQH-AP&d=reuters.com&g=52639&g0=Cyberrisk&g1=Jack%20Stubbs&g4=Article&n=1&f=00001&c=0&x=0&m=0&y=7286&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2414&t=D9MschBDbhusBtDeFtBIiPxID-v0RW&V=120&i=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&tz=-120&sn=1&sv=x0s49CXSvu1F3c-WBIwMl6CunCze&sd=1&im=06679cf0&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.202.105.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-202-105-4.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Wed, 12 Aug 2020 22:26:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 beacon.min.js Show response
beacon.s-onetag.com/ 18 KB
6 KB 60ms
9ms Script
application/javascript 2600:9000:2182:6200:5:9a4c:9b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.s-onetag.com/beacon.min.js
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:6200:5:9a4c:9b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d640ed39630d91dec61dcb107b977293ec29fecbb5e74467e017d872bf76b0db

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: iJO00mi5pglap2bW60H1GBGtloYAnC3A
content-encoding: gzip
last-modified: Thu, 09 Apr 2020 15:07:03 GMT
server: AmazonS3
age: 140738
date: Tue, 11 Aug 2020 07:20:48 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=172800
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: vcJTvcMEE6KBrE0O0p9HojQB17B6_JOH-6Poc8vaRP3XowQGHZdw_Q==
via: 1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012007302351000/ Frame D25F 206 KB
57 KB 39ms
5ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68ff86e6a3bc683739e7190e4efaff20bbafe0d89c99c42c1b17163ef5203968

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 12105
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57393
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 19:04:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6c9ea7f49fde3b6d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 19:04:41 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame D25F 16 KB
6 KB 54ms
22ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee1ed7b578e1ef6fc0b4eac9c4f9eaa16f3301fce096666526e9d08e4956bb5d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32077
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5908
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 13:31:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da3eb6a12045948e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:31:49 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame D25F 96 KB
29 KB 53ms
20ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41f07eced66e12809bec654b0a18677a78a7814525dcb6b99934d0b4bcecfc4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 12106
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29738
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 19:04:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c56a9dc6dcfd844b"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 19:04:40 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame D25F 4 KB
2 KB 52ms
19ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c44f4e64c66d0c037bfd7ed0c8fae6f4e25f395135d2a6e06aa233f01173f4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32077
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1782
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 13:31:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9975c81b3db44358"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:31:49 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame D25F 48 KB
15 KB 47ms
15ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187ef47cfc091c4fc645d78e6e4c56951cdd6144e5b9a6adddfacc286f1b1aa6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32081
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14954
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 13:31:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "536b0698dfd565aa"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:31:45 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D25F 5 KB
738 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 12 Aug 2020 22:26:26 GMT
server: ESF
date: Wed, 12 Aug 2020 22:26:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Aug 2020 22:26:26 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D25F 5 KB
761 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 12 Aug 2020 20:28:38 GMT
server: ESF
date: Wed, 12 Aug 2020 22:26:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Aug 2020 22:26:26 GMT

GET
DATA 200
OK truncated
/ Frame D25F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd45490d75376e28bd54300c5c6cefec10acb6db9a49881fa90a4eef1d242128

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12557946589794849893/ Frame D25F 18 KB
18 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12557946589794849893/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qmxqe9rYaKV90h-caLzwwsEnPdsrA

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c53dcc69c0ddf6c89707f1608b654b2d16d291b06e6795fb9328e93e80c93c76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 16:26:26 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 May 2020 17:54:03 GMT
server: sffe
age: 21600
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18656
x-xss-protection: 0
expires: Thu, 12 Aug 2021 16:26:26 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15529468980082746676/ Frame D25F 3 KB
3 KB 9ms
8ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15529468980082746676/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qlAW_KnSOiLEYn7AHVdya83oIcF-A

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7df04e180f32dae44ecaf43977f08ce8c965650d0b909f211c43733cf53bee4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 15:49:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 May 2020 17:54:03 GMT
server: sffe
age: 23811
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3024
x-xss-protection: 0
expires: Thu, 12 Aug 2021 15:49:35 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D25F 0
0 32ms
30ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTJUPkWw0X4rJPJuq3gOD5ZDAA4qv8Ndewc6tgsgLloLNhYgWEAEg2p61FWCRhICAjBigAZX5o-wCyAEGqQLk9Jh-icWzPuACAKgDAcgDCqoE4AJP0P-01DOq0TnY2yJXzkqVdxkTmqU-ivPp8fOVu4mHzDDDSfst7OxD9A8xA59u4l62OI0SGkA8S1s_ffWirR_BPXukd5V3kqPX5Nf_XzoCGGKjubUFW3M3fsT7skK9_usFsP0YeRyk-BMXHt5olc2-BOudm1qhQMyslKa9q0Yk5RhQZXR2b91RvGw5qF8pxPOIX0YVuRyopHlSGRCFqhyxN1JxSGD9DBKx65BAOhvfsX3VuiJ-eVXOpTw4K0ts72T1H2Qib91bwWmMjJuHm9M0QGv30rzYrw-n43U25MQ_4yAC9O-k4YOQm955QQNmYd_8pVyVtiQsHYGlpgHHzKx3pLdo7LFf6tTLFVPWVqk2BaW8Qz7VZ39yoHijjzF0IXI4RCcZtA8NKVWa8XqMu6-EnNhVMfpu6E6TN_AnYQ8mYfqspnHpTvTHkp_J_epsBBOkw9J3YJBLbpPQHMuMX6rJwASEwcWmjAPgBAGSBQQIBBgBkgUECAUYBKAGN4AH04bckwGoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ6-4R0ggJCIDhgHAQARgdgAoDyAsB2BMMiBQB&sigh=4sI-TkZGdNM&template_id=492&tpd=AGWhJmv0SLvJvgbmokdcsvAv-GVL5041FdbChWcp0Oe3k7uppA
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D25F 2 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 40648
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 13 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D25F 295 B
518 B 7ms
7ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 3568
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 13 Aug 2020 21:26:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame D25F 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl
Origin: https://www.reuters.com

Response headers

date: Sat, 08 Aug 2020 07:04:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 400927
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Sun, 08 Aug 2021 07:04:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame D25F 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl
Origin: https://www.reuters.com

Response headers

date: Tue, 11 Aug 2020 20:11:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 94511
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Wed, 11 Aug 2021 20:11:15 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012007302351000/ Frame 0BBA 206 KB
56 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68ff86e6a3bc683739e7190e4efaff20bbafe0d89c99c42c1b17163ef5203968

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 12105
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57393
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 19:04:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6c9ea7f49fde3b6d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 19:04:41 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame 0BBA 16 KB
6 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee1ed7b578e1ef6fc0b4eac9c4f9eaa16f3301fce096666526e9d08e4956bb5d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32077
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5908
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 13:31:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da3eb6a12045948e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:31:49 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame 0BBA 96 KB
29 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41f07eced66e12809bec654b0a18677a78a7814525dcb6b99934d0b4bcecfc4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 12106
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29738
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 19:04:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c56a9dc6dcfd844b"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 19:04:40 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame 0BBA 4 KB
2 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c44f4e64c66d0c037bfd7ed0c8fae6f4e25f395135d2a6e06aa233f01173f4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32077
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1782
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 13:31:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9975c81b3db44358"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:31:49 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012007302351000/v0/ Frame 0BBA 48 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007302351000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187ef47cfc091c4fc645d78e6e4c56951cdd6144e5b9a6adddfacc286f1b1aa6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32081
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14954
x-xss-protection: 0
server: sffe
date: Wed, 12 Aug 2020 13:31:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "536b0698dfd565aa"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:31:45 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0BBA 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 40648
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 13 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0BBA 295 B
352 B 9ms
8ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 3568
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 13 Aug 2020 21:26:58 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame E0B6 0
0 65ms
57ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRr7ovXTS-B76FL3W40jfK6jnVErLRPm1J-vNie9RJBrXFJaioRq3JKGUNHZUpSA91E_BKbiwTLPpE7lG6otpqI3Hzrllo1Cf3e78SHPBAKwiCa-UEG-8cAQQG6qEkX-mSVAVDB8GQ9JpWtV7A3XHhaweja8DyXQ8eyjAtpGvWntlF4OFqJ-FikSex8RGXKHN2OoSq3T4wNdg3wJ1BSsN_xSd1_dESandeCtePPGAous1so6CeS3TWlvg1SQSKKvIp8En4v8JEuPxOSYkJ7J4puHyBuzdpal6HmOC3nbA&sai=AMfl-YT76Nc5GUiR6-fxtBU7g5R0EK2ZBRE3nUyn6o5269sp8fPvS4jR1JmLYQlMOxMJHzn3LJHMCzS9z3LFHEcx1oLd-8xZr0uSP2i0yiOmHxPq0CIQHGcdtTaA5DlQWJs&sig=Cg0ArKJSzP3OxkPTEj9EEAE&urlfix=1&adurl=

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 22:26:26 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/44385/ Frame BB8C
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/44385/connatix.player.dc.js

800 KB
198 KB

20ms
19ms

Script
application/javascript

151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f9b0def9c2f40e6dd8149a4166a4364fb3c27337e9d3e63bfbc265ecaa1f9058

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
age: 28397
x-cache: HIT, HIT
status: 200
content-length: 202778
x-served-by: cache-dca17776-DCA, cache-hhn4065-HHN
access-control-allow-origin: *
last-modified: Wed, 12 Aug 2020 13:58:48 GMT
x-timer: S1597271187.649015,VS0,VE0
etag: "078c3c9ab4ad1e400d37fa3dc7a4c768"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 2049

Redirect headers

date: Wed, 12 Aug 2020 22:26:26 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-served-by: cache-hhn4065-HHN
status: 302
x-cache: HIT
location: https://cds.connatix.com/p/44385/connatix.player.dc.js
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
x-timer: S1597271187.578929,VS0,VE0
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame E0B6 73 KB
28 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c516c523ffceafbf9482017d73bbcea30b998c15ca9de148fc00514561daaf67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1597059737948561"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
expires: Wed, 12 Aug 2020 22:26:26 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/reutersdfpcw319687550988/ Frame E0B6 307 KB
103 KB 66ms
20ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
last-modified: Wed, 29 Jul 2020 14:58:25 GMT
server: AmazonS3
x-amz-request-id: A9E122D2AF64C6E2
etag: "06798e04d86839b070d5ea052c4d21a3"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=54395
accept-ranges: bytes
content-length: 105048
x-amz-id-2: AtqbfV5BfnYBbqaWVCvwe8ixmcNjhJQrRXToCeUNEtyIrydkNy3oIpTd22V3zhpRl8qMsebamvk=

GET
H2 200 3668324607224204649
tpc.googlesyndication.com/simgad/ Frame 0BBA 15 KB
16 KB 9ms
6ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3668324607224204649?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk1upnUsQAUQkm1t1jAHNiEYLpR9g

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

328a4d47662c39f632808999028410488ed4c502e2acaea86a0ca5b49fcf5f2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 08 Aug 2020 03:58:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Apr 2020 23:55:06 GMT
server: sffe
age: 412067
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
expires: Sun, 08 Aug 2021 03:58:39 GMT

GET
H2

200

B23768030.267046128;dc_pre=CJbDv-3alusCFU6Tewod0rUIEQ;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/ Frame 0BBA
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23768030.267046128;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23768030.267046128;dc_pre=CJbDv-3alusCFU6Tewod0rUIEQ;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag...

42 B
117 B

40ms
39ms

Image
image/gif

172.217.23.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23768030.267046128;dc_pre=CJbDv-3alusCFU6Tewod0rUIEQ;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f134.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23768030.267046128;dc_pre=CJbDv-3alusCFU6Tewod0rUIEQ;dc_trk_aid=461813794;dc_trk_cid=106332843;ord=1712793112;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0BBA 0
0 35ms
32ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CXzpUkWw0X4vJPJuq3gOD5ZDAA7DVhNNe6OiCh6QLn93H1JMOEAEg2p61FWCRhICAjBigAe_1jtsDyAEC4AIAqAMByAMIqgTUAk_Q-T9xwIBaxD1g87pUf9FAWRUqG87sxnqzSyx8EGzIP3zbwxWlsZo8cBzbnOgxYuRlw3Td9s0DK6FuUjmfJrWJ7iQ9y9yxSS3lA4X3SvCH4gddu4m1VkcF1FDNwRNRx9SOgA_SHE_lIYb5VTXw7A9xocq3CcyCHSvy1zlS50OrBu3pKZattmrTKJJqL7L1PgdrkQvlGHFUcoL87NgBPYzH0i90B5Dh1x_IUn7lSjY7nzjOfwc3x4Kbvm84YFpt7CfO55mmKk7bbHquvuuK0O7Eau9cAliFtUoOTteQvM3L7Wrcrdp99QdVki-I9IuJpVhXC4MW_Zjd3FdB7y0x7nHTZBtdWrXCRARTSHNDDpbcZsaCbqZSx_t_0yVCdUq4TOwudcQ7OehRTMcBja7llXrKPIVqhoLPOiMR6F6-gLrUKRQraf89tEBAmSVB_xre0Rp7IubABPn__tm5AuAEAZIFBAgEGAGSBQQIBRgEoAYCgAeetpspqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEIDZDNIICQiA4YBwEAEYHYAKA8gLAdgTDA&sigh=lyicj1HLu1Q&tpd=AGWhJmssd9JejxphKRWTdV3goE5N1YRWgJ0QfSYQ207E1qr6EQ
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f130.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 0BBA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0022824820bdefe4bc5a12737e1370771deb40ac720592372064366bc4368d21

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4806613891 Show response
dfp-gateway.s-onetag.com/1/4735792/ 114 B
580 B 82ms
23ms XHR
application/json 13.226.155.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfp-gateway.s-onetag.com/1/4735792/4806613891
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.59 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-59.dus51.r.cloudfront.net
Software: /
Resource Hash: 698a0d14189cdfa590d112b056e978324c551080f63a9e0b340b6f1b204af296

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:29:21 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront), 1.1 a67be963c7536322e9a591e428e62d28.cloudfront.net (CloudFront)
age: 3425
x-amzn-requestid: 207f4e37-ad94-4b2a-a6b1-7251f0796d5d
status: 200
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400, public
x-amzn-trace-id: Root=1-5f345f31-7e59d9250bddb0639e0eed51;Sampled=0
x-amz-cf-pop: FRA6-C1, DUS51-C1
x-amz-apigw-id: RLPPuEmXiYcFlpw=
content-length: 114
x-amz-cf-id: at1JHsJvxl4sqoI1KZxpAM3IOiRc0tkLGr1CClqtd2Hc4QzupjvyJw==

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 71 KB
26 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394415bedb33f0d07d610f1ac10439e12098d7a747aca0510cddabca81a9092d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1597059737948561"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27037
x-xss-protection: 0
expires: Wed, 12 Aug 2020 22:26:26 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 48ms
21ms XHR
application/json 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020080501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86bb39e7361b75b6de316d86b208255ab88130ed94b4a68b3abd292ef5fc1606

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6293
x-xss-protection: 0

GET
H2 200 /
s3.reutersmedia.net/resources/r/ 68 B
460 B 58ms
58ms Image
image/png 13.226.155.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/?m=02&d=20170626&t=2&i=9391632524&w=300&fh=&fw=&ll=&pl=&sq=&rtn=LYNNXMPEGJ842C&x30y10&r=LIYXPPGG10FT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-12.dus51.r.cloudfront.net
Software: ADFCDN/5.2.3 / AdDefend GmbH
Resource Hash: adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:26 GMT
via: 1.1 e7b88cadf742e342f39f17392af35c4f.cloudfront.net (CloudFront)
server: ADFCDN/5.2.3
x-amz-cf-pop: DUS51-C1
x-powered-by: AdDefend GmbH
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=0, max-stale=0, must-revalidate, no-cache, no-store, no-transform, post-check=0, pre-check=0, private
accept-ranges: bytes
content-length: 68
x-amz-cf-id: 46zoOZGKTWXpoqVZgRLemVoV22BLwpH0cZ2hk1qIrxFQbktmZUFw9g==
expires: 0

GET
DATA 200
OK truncated
/ Frame E0B6 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca1ba2e7f21dabcc882e6962f146dfd76573bc2968e6e024b240dc2a76fca70a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 7D25 46 KB
13 KB 131ms
58ms Script
application/javascript 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=9599162&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 280ec995c90f23ebabf3976bfb2cee5002d55ddf4f331a5d87d062bee332f58e

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
x-server-name: app26.ie.303net.net
status: 200
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Wed, 12 Aug 2020 22:26:26 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame D25F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 12 Aug 2020 22:26:26 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 n.js Show response
geo.moatads.com/ 111 B
285 B 136ms
27ms Script
text/html 3.11.4.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=4007238046&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbjBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3BU3%3C%60%3C%7CjLR&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=REUTERSDFPCW3&hp=1&wf=1&vb=4&cm=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1597271186724&de=999083566566&m=0&ar=2bf682d4aa-clean&iw=4490aac&q=2&cb=0&ym=0&cu=1597271186724&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=20159232%3A453477432%3A4806613891%3A138288736159&zMoatTP=connatix&zMoatStory=0&zMoatAU=%2F4735792%2Fus.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&zMoatPixelDistance=20000&zMoatRawSlicer1=3735912&zMoatRawSlicer2=247866432&zMoatReutersSlicer1=3735912&zMoatReutersSlicer2=247866432&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&id=1&ii=4&bo=3735912&bd=247866432&zMoatOrigSlicer1=3735912&zMoatOrigSlicer2=247866432&dfp=0%2C1&la=247866432&gw=reutersdfpcw319687550988&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A532%3A532%3A2420%3A634&fs=183324&na=684623775&cs=0&callback=DOMlessLLDcallback_93837624
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.4.3 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-4-3.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 8e9240fa5cf916b55b47388227a8528192a90c8d18e8b309e8c791861934bb36

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
server: TornadoServer/4.5.3
etag: "35becb8359a9b108c4107d746c16be476cc3e1e9"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 111

GET
H2 200 n.js Show response
geo.moatads.com/ 114 B
288 B 134ms
26ms Script
text/html 3.11.4.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=4007238046&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbjBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3BU3%3C%60%3C%7CjLR&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=REUTERSDFPCW3&hp=1&wf=1&vb=4&cm=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1597271186724&de=999083566566&m=0&ar=2bf682d4aa-clean&iw=4490aac&q=3&cb=0&ym=0&cu=1597271186724&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=20159232%3A453477432%3A4806613891%3A138288736159&zMoatTP=connatix&zMoatStory=0&zMoatAU=%2F4735792%2Fus.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&zMoatPixelDistance=20000&zMoatRawSlicer1=3735912&zMoatRawSlicer2=247866432&zMoatReutersSlicer1=3735912&zMoatReutersSlicer2=247866432&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&id=1&ii=4&bo=3735912&bd=247866432&zMoatOrigSlicer1=3735912&zMoatOrigSlicer2=247866432&dfp=0%2C1&la=247866432&gw=reutersdfpcw319687550988&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A532%3A532%3A2420%3A634&fs=183324&na=267713536&cs=0&callback=MoatDataJsonpRequest_93837624
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.4.3 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-4-3.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 9304e350df91cb836a3ac7f9c31776eaaab8b5bb321184623eb038d8e7c56c95

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
server: TornadoServer/4.5.3
etag: "a544a7cc4ada9aa70a0dbe12fd86203da33b7d38"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 114

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame E0B6 0
54 B 56ms
56ms Image
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvGh2bZAPsMW9hhO2ic4OlT3_3zNyuR3l4zFbstcrwJHdQlNl1HfJuFj4eWidVhgxmwxC5mZuyy6M3i1-L5LgRDXD_DPFgGLWXlVE1gfr2oI69meLmoI6wcJB4jBlcwdee07vK69428zwHUnzTrG3tKcVLm957Wt11DjGjA1QsoX6YjviLul2KPV3b9i3zl7-eYaYUyyhT920oDu9FyGq-f10pI8BWvbYzIc7DvWEytNc9V5tMHBsl2uWmwnBK8nb_Cle05ZlIIRBGvznCyHAgOwEGIvg9O8iHCQTiRCogbqw&sai=AMfl-YRXhzHh4q-Uf7VWyMOrtiavUrikXIovNwUUdmhW60b-cT7WxMsq9v_nYP7RP7wxi91K8LXEjcDItcusrt5ULRhK9FlAaeQE3dfTtBm_QnDEt6N0c5Zq1B5zCD24JRc&sig=Cg0ArKJSzEAwEjeHXDViEAE&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 22:26:26 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 /
s3.reutersmedia.net/resources/r/adinclude/ 68 B
459 B 65ms
65ms Image
image/png 13.226.155.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/adinclude/?m=02&d=20170520&t=2&i=3572511741&w=201&fh=&fw=&ll=&pl=&sq=2&r=CNHE842C.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-12.dus51.r.cloudfront.net
Software: ADFCDN/5.2.3 / AdDefend GmbH
Resource Hash: adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:26 GMT
via: 1.1 e7b88cadf742e342f39f17392af35c4f.cloudfront.net (CloudFront)
server: ADFCDN/5.2.3
x-amz-cf-pop: DUS51-C1
x-powered-by: AdDefend GmbH
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=0, max-stale=0, must-revalidate, no-cache, no-store, no-transform, post-check=0, pre-check=0, private
accept-ranges: bytes
content-length: 68
x-amz-cf-id: 33yBUzvMlfuFE4dVxEL9Go_UEJyAp6th7epIyo-8R5AELWkQM-4SUg==
expires: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0BBA
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 12 Aug 2020 22:26:26 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12557946589794849893/ Frame D25F 18 KB
18 KB 6ms
5ms Image
image/jpeg 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c53dcc69c0ddf6c89707f1608b654b2d16d291b06e6795fb9328e93e80c93c76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 16:26:26 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 May 2020 17:54:03 GMT
server: sffe
age: 21600
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18656
x-xss-protection: 0
expires: Thu, 12 Aug 2021 16:26:26 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15529468980082746676/ Frame D25F 3 KB
3 KB 6ms
5ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7df04e180f32dae44ecaf43977f08ce8c965650d0b909f211c43733cf53bee4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 15:49:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 May 2020 17:54:03 GMT
server: sffe
age: 23811
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3024
x-xss-protection: 0
expires: Thu, 12 Aug 2021 15:49:35 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D25F 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 40648
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 13 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D25F 295 B
352 B 6ms
5ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 3568
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 13 Aug 2020 21:26:58 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0BBA 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 40648
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 13 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0BBA 295 B
352 B 6ms
5ms Image
image/png 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 12 Aug 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 3568
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 13 Aug 2020 21:26:58 GMT

GET
H2 200 connatix.player.css
cds.connatix.com/p/44385/ 49 KB
8 KB 31ms
31ms Stylesheet
text/css 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/44385/connatix.player.css
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ce2ba098bd8570d95c60d33cc035ee6764193c8ff7e0d7a531d0e1e98e9ad592

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:26 GMT
content-encoding: gzip
age: 28398
x-cache: HIT, HIT
status: 200
content-length: 8095
x-served-by: cache-dca17739-DCA, cache-hhn4065-HHN
access-control-allow-origin: *
last-modified: Wed, 12 Aug 2020 13:58:48 GMT
x-timer: S1597271187.933249,VS0,VE0
etag: "880884ab75ace2385f14bd369f4ab798"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 2254

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame C4F9 0
0 6ms
5ms Document
text/html 2a00:1450:4001:825::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Wed, 12 Aug 2020 22:05:23 GMT
expires: Thu, 12 Aug 2021 22:05:23 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1263
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 main.gr.19.8.111.js Show response
static.adsafeprotected.com/ Frame 7D25 172 KB
55 KB 32ms
11ms Script
application/javascript 2600:9000:2182:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.111.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=9599162&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 34cdb6307b099bbbbe4bd77a40fc926d20d665f864aa629a060a8348eeb1df58

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 11 Aug 2020 15:21:00 GMT
content-encoding: gzip
age: 111926
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Tue, 11 Aug 2020 15:04:59 GMT
server: AmazonS3
etag: W/"fc8b8074cb052ac77c1348a5b1d26a7a"
vary: Accept-Encoding
x-amz-version-id: mbfh50bvtCpFumq34uSouA0rbdqMfBTn
via: 1.1 430f949006756123f45be90f8ad8de30.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-C1
content-type: application/javascript
x-amz-cf-id: TOubMjDoFYzE5_EPfZ3WN2kB1W2uADIytSzfXNp_Bf9g3VetGmQ4qg==

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame BB8C 3 KB
2 KB 500ms
131ms XHR
multipart/form-data 18.217.68.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=44385
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.217.68.199 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-217-68-199.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: 891f76e6a42f800d67a6d0c45568190262132fc31896d63c4b5d689eaeb313d9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 Aug 2020 22:26:27 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1331

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame A0D9 81 KB
22 KB 9ms
9ms Script
application/javascript 2600:9000:2182:4a00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:4a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:16:22 GMT
content-encoding: gzip
age: 3777006
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 430f949006756123f45be90f8ad8de30.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-C1
content-type: application/javascript
x-amz-cf-id: t9rJoZuluUHP6ZF1Hjs6JGJKXxIBcHljc0GUvu-pIifWbR6lZmgZXg==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 40ms
40ms Image
image/gif 34.254.6.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=9599162&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=&adsafe_url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&adsafe_type=abdfq&adsafe_jsinfo=,id:832ac4f8-a27c-ae5f-bd90-8f2e3e29038b,c:ldtOoi,sl:outOfView,em:true,fr:true,mn:app26ie,pt:1-5-15,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:s7uz7Bw+11|12|13|14|15|16|17|18|19|1a|1b|1c*.10764|1c1|1c2|1d|1e1,idMap:1c*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:89,oid:dc736813-dcea-11ea-bef0-0a791baeecf6,v:19.8.111,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.6.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-6-162.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:27 GMT
x-server-name: app15.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 507ms
171ms Image
image/gif 104.244.38.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=832ac4f8-a27c-ae5f-bd90-8f2e3e29038b&tv={c:ldtOok,pingTime:-8,time:90,type:l,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:90,n:0,pp:0,pm:0},slEvents:[{sl:o,t:88,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[19~0],as:[19~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uz7Bw+11|12|13|14|15|16|17|18|19|1a|1b|1c*.10764|1c1|1c2|1d|1e1,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.38.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: sjedt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Aug 2020 22:26:27 GMT
X-Server-Name: dt55sje.sje.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 503ms
171ms Image
image/gif 104.244.38.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=832ac4f8-a27c-ae5f-bd90-8f2e3e29038b&tv={c:ldtOoJ,pingTime:-2,time:115,type:a,im:{sf:0,pom:1,prf:{beA:344,beZ:345,mfA:412,cmA:413,inA:413,inZ:419,prA:419,prZ:425,si:433,poA:435,poZ:448,cmZ:448,mfZ:448,loA:452,loZ:455,ltA:458,ltZ:458}},sca:{dfp:{df:4,sz:1100.420,dom:div}},env:{cca:true,gca:true,gca2:false},clog:[{piv:0,vs:o,r:l,w:1100,h:420,t:88}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:115,n:0,pp:0,pm:0},slEvents:[{sl:o,t:88,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[43~0],as:[43~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uz7Bw+11|12|13|14|15|16|17|18|19|1a|1b|1c*.10764|1c1|1c2|1d|1e1,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn,slid:[google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_2,google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_2__container__,dpslot_connatix_1977653_USKCN24W25W,USKCN24W25W],sinceFw:23,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.38.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: sjedt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Aug 2020 22:26:27 GMT
X-Server-Name: dt30sje.sje.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 478ms
159ms Image
image/gif 104.244.38.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=832ac4f8-a27c-ae5f-bd90-8f2e3e29038b&tv={c:ldtOpl,time:153,type:e,env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:153,n:0,pp:0,pm:0},slEvents:[{sl:o,t:88,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[81~0],as:[81~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uz7Bw+11|12|13|14|15|16|17|18|19|1a|1b|1c*.10764|1c1|1c2|1d|1e1,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.38.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: sjedt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Aug 2020 22:26:27 GMT
X-Server-Name: dt64sje.sje.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
216 B 39ms
39ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020080501&jk=2301812605164711&bg=!YWKlYnpYq7txP6Z6epYCAAAAWVIAAAANmQGmgw64ndNQUMgReOgj0ib7mDeD26y2zGpc5K8f0RxSAl5o4ZiJLl_lTTMfTJBKT13mXPKDDJ7hbZ9qSIT65ypQRBptjWgqTsT5mgb9q-kYz7jUgyaCUUxQ-Ftm-wo4lTug1PBqLenoPzOYfHhJZY80j1InkxNghvW5GqnC2ZZJIZf-jOXdKIE8YwEApbhh8eTI8C_HPsItq5GGpIT_N1wYeYu8V-b-5tNZktg4lP2KVK8F666096G221t7EF3hKnvCtP8puBt-8uSo58VJbHkkxpBmF5ZKXIukj7kdQ7pMBci1vLA4xrWScTN681eGXiH2RWSK6wacqDq-NDYOu4Sqkl_d-dMwPQRUc7zabNlPxtVTvd-QfwXtp0UHauSsU9AIyAlj4G85-TD4lZl0T36uw-Ah56Vg9Lh-vML9jhtstQbbJXD45BmEEjLqJGMA8opwpB9fVZXQqD84IE7Rr9UM-TwHr_8oHfWAKgSrq7YG80Qoyjk6DMaA7uH7Dtt0o86Sb0D3rjFFSdS_jAt8JqelBhBi-hZcf37r9VoFPektunhWYYNJXDI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 319ms
171ms Image
image/gif 104.244.38.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=832ac4f8-a27c-ae5f-bd90-8f2e3e29038b&tv={c:ldtOuj,pingTime:-10,time:461,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220202020222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDE2fHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1597271187430||03521f7de44be73c51539bc874e3fa9e||71ff54ebddb1e090fbf173d96e2342c8||3766026726e94542d490c61fa4558ada||b084b7aadfa55061b709fe6bb125a3c7||7c47d8f05172dfec2bb8ccf6929fe05b||e51abe767b7b15130cf11874bcb20d32||fe4fe5738eade89cd480163e2afae775||1576000828}
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.38.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: sjedt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Aug 2020 22:26:27 GMT
X-Server-Name: dt55sje.sje.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 connatix.player.css
cds.connatix.com/p/44385/ Frame E0B6 49 KB
8 KB 19ms
19ms Stylesheet
text/css 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/44385/connatix.player.css
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ce2ba098bd8570d95c60d33cc035ee6764193c8ff7e0d7a531d0e1e98e9ad592

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:27 GMT
content-encoding: gzip
age: 28399
x-cache: HIT, HIT
status: 200
content-length: 8095
x-served-by: cache-dca17739-DCA, cache-hhn4065-HHN
access-control-allow-origin: *
last-modified: Wed, 12 Aug 2020 13:58:48 GMT
x-timer: S1597271188.528698,VS0,VE0
etag: "880884ab75ace2385f14bd369f4ab798"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 2255

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame BB8C 0
324 B 445ms
111ms XHR
multipart/form-data 18.217.68.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=44385
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.217.68.199 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-217-68-199.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 Aug 2020 22:26:27 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 2_media.bin Show response
vid.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/ Frame BB8C 626 B
738 B 62ms
18ms XHR
application/octet-stream 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/2_media.bin
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5b548c55cb99a60bc5d2ed82331220dd5363894f1d0f6a98900b486ce9e85d3b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:27 GMT
content-encoding: gzip
age: 37442
x-cache: HIT, HIT
status: 200
content-length: 473
x-served-by: cache-bwi5139-BWI, cache-hhn4043-HHN
last-modified: Wed, 12 Aug 2020 10:14:12 GMT
x-timer: S1597271188.724769,VS0,VE0
etag: "27a89cdf78269413f6c8725934546be9"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 3, 128

GET
DATA 200
OK truncated
/ Frame E0B6 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E0B6 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame BB8C 0
324 B 352ms
112ms XHR
multipart/form-data 18.217.68.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=44385
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.217.68.199 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-217-68-199.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 Aug 2020 22:26:28 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame BB8C 0
324 B 432ms
108ms XHR
multipart/form-data 18.217.68.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=44385
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.217.68.199 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-217-68-199.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 Aug 2020 22:26:28 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/ Frame E0B6 15 KB
15 KB 23ms
19ms Image
image/webp 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/1_th.jpg?crop=755:425,smart&width=755&height=425&format=jpeg&quality=60&fit=crop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: eaad44637697425c5c17e2f974faf574cd5d522e2410405fa462331e4b79a313

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:26:27 GMT
via: 1.1 varnish, 1.1 varnish
age: 37476
x-cache: HIT, HIT
fastly-io-info: ifsz=90313 idim=2562x1440 ifmt=jpeg ofsz=15142 odim=755x425 ofmt=webp
status: 200
fastly-stats: io=1
content-encoding: gzip
content-length: 15165
x-served-by: cache-dca17757-DCA, cache-hhn4065-HHN
x-timer: S1597271188.774898,VS0,VE1
etag: "+y83qt+C6ti64aLGZ2xKT8hLAQe6wDBjyPXlPJvNgXI"
vary: Accept
x-amz-request-id: 4137AC3EA453C855
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
content-type: image/webp
x-cache-hits: 2, 1

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 22ms
20ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=120&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1597271186724&r=999083566566&t=meas&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:27 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 12 Aug 2020 22:26:27 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 22ms
20ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=120&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1597271186724&r=999083566566&t=nht&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:27 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 12 Aug 2020 22:26:27 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 20ms
19ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=200&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1597271186724&r=999083566566&t=hdn&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:27 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 12 Aug 2020 22:26:27 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D25F 42 B
107 B 76ms
74ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2bYNaz7LltWQ6LR3p_0F5Rc1D6mgM2qtEJn6SyTBcCBliOUH5w_kbJo1YsE3BEo6KTdDll6PD_YPzWTK70lDFvKEUu-hhKfEWtjRfOw5O-UBYOorH1tSuAYy5EQ&sai=AMfl-YQL43ORjCgo2R9-VnChagGB5nyUT5rlw1inFzP1Yq9NtVQoNLFIcwcsYAxwgRxt_57wbrTxSwkHl3Z862mvyZVNyqcdLnJI2X1sGkKmz-rtq91fxwkrnbjYdrIbC50&sig=Cg0ArKJSzDBI81aq1dzZEAE&cid=CAASPeRoIwER12cULFzXXXBZDfBZlTJ6UG9r2g-IuEPIGOVpVH9Q29AsHcfYB-0vTWw0AFFLmWw_bWOwmYn5ABQ&id=ampim&o=1140,526&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=414&tls=1414&g=100&h=100&tt=1414&r=v&avms=ampa&adk=933109802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0BBA 42 B
112 B 69ms
68ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuiHNQvDzE45JBUGfMw0cpsjSSR54g-9M07U27cz6Gv30OWeq0nZVrjzDpTU6WMUgEIKB0KZExANREVTScmf6hH_lPohHufeqYcvT1ThystHP6PzGb3NjTn9fgymw&sai=AMfl-YSbtoutDgyAuPz1wkTj8zu0IyvuT4tG_dG-8kI2dTil6cFrV1MHzDA0vdOOe1ntSnTlL4aicA5_MC21yivWB7snKLs6Yyt3bKO050E7-d1tftmD49Rws6BPdZVQH4o&sig=Cg0ArKJSzN718MoOk7ZGEAE&cid=CAASPeRo3Saj8GxcMJvbe-MvYLrztjseIORHnEuVnjGjdNfjgOUlbxRAeq5M2ZuEkRsKMb9wonOhxVYe0p6Iycc&id=ampim&o=436,92&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1007&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&tfs=302&tls=1309&g=100&h=100&tt=1309&r=v&avms=ampa&adk=3176757442

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Aug 2020 22:26:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame BB8C 0
324 B 108ms
108ms XHR
multipart/form-data 18.217.68.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=44385
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.217.68.199 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-217-68-199.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Wed, 12 Aug 2020 22:26:34 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 24 B
435 B 71ms
23ms XHR
application/json 13.226.155.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-120.dus51.r.cloudfront.net
Software: /
Resource Hash: acf0d68ace16960596de6a16a94def58b49d82dc01e5f1a91c9affbdd206259f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:59:58 GMT
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront), 1.1 129372028f60828d8c084fb619a69bc0.cloudfront.net (CloudFront)
age: 1597
x-amzn-requestid: 41212a54-84c8-474e-8572-24c8e3135457
status: 200
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1, DUS51-C1
x-amz-apigw-id: RLTu2F4jiYcFlxw=
content-length: 24
x-amz-cf-id: 0wI_fpDWXE0iqHcrwyhDD5JG6aECv3fzhxavLxROENk4UKr_njA-sg==

GET
H2 200 EU Show response
onetag-geo-grouping.s-onetag.com/regionalbloc/ 1 KB
827 B 72ms
22ms XHR
application/json 13.226.155.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by: Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.96 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-96.dus51.r.cloudfront.net
Software: restify /
Resource Hash: 6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:03:53 GMT
content-encoding: gzip
server: restify
age: 1363
status: 200
vary: Accept-Encoding,origin
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: UKaX45lVufYRcUPirvFip-cw5G9u0gup3u5dc85YhcEXz13-xiRgTQ==
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)

GET
H2 200 EU Show response
onetag-geo-grouping.s-onetag.com/regionalbloc/ 1 KB
828 B 72ms
23ms XHR
application/json 13.226.155.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by: Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.96 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-96.dus51.r.cloudfront.net
Software: restify /
Resource Hash: 6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 22:03:53 GMT
content-encoding: gzip
server: restify
age: 1363
status: 200
vary: Accept-Encoding,origin
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: X_kWr8C0DQ1HLTKuXsBzZEmdFbafCGFhpjgjUfd487VtQhcfW_Stnw==
via: 1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)

POST
H2 200 metrics
metrics-collector.s-onetag.com/ 0
0 89ms
20ms Other
application/json 76.223.7.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://metrics-collector.s-onetag.com/metrics
Requested by: Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.7.58 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ab51a9e8185f181d0.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: api-version, content-length, content-md5, content-type, date, request-id, response-time

Verdicts & Comments Add Verdict or Comment

193 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reuters.com/	1970-01-19 13:50:47	Name: _fbp Value: fb.1.1597271185494.2019513672
.reuters.com/	1970-01-19 11:41:11	Name: _gat Value: 1
.reuters.com/	1970-01-20 05:12:23	Name: __tbc Value: %7Bjzx%7Dyo9xUxAKwg32SeQvuAZGbaXtI9UxgBkh1PmXC7pcJ12IYag3Zfa49nLCFmkoEuiOBfvFNf_yo8jPeoRzBB4-HvT_ktLBp-uhL4Vc2la1AV0OVXcZ8t2seupzQ5TPpfk3HzyVzbU0qDL8Htc3rl51Vg
.reuters.com/	1970-01-19 20:26:47	Name: ajs_anonymous_id Value: %2244bf7ccf-6f95-4fe4-934f-56d17976c60b%22
.reuters.com/	1970-01-20 05:12:23	Name: xbc Value: %7Bjzx%7DaDgHBcHto3SYFqkc2Wn5DAKZUnPR0slugavoMmFiGkDNq308yMxi-925TxHVYBHKQcmpUc6u5Js4Rxes92m4vDkd-8Aoj3bt9xJ6HnTtWlq3ukhZaEQ3wgo34yCsLGmdO6N1WgooRoOz6fL-h1EiMw
.reuters.com/	1970-01-19 11:42:37	Name: __pvi Value: %7B%22id%22%3A%22v-2020-08-13-00-26-25-012-IUzy4baSnSHAXfw2-6aaa2b71454066fe37c59fd6bf532167%22%2C%22domain%22%3A%22.reuters.com%22%2C%22time%22%3A1597271185227%7D
.reuters.com/	1970-01-19 12:24:23	Name: __pat Value: -14400000

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: Init Bootstrap with config [object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 7) Message: BODY ITEMS [object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: ###### ias setup complete
console-api	log	(Line 1) Message: Blocking Ads: No
console-api	log	(Line 1) Message: comscore new global fired
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: [object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 7) Message: bootstrap getResults: [object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 7) Message: us !@!@
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: Setup media.net with GDPR consent declined
console-api	log	URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 17) Message: videoAd id 4729 el [object HTMLDivElement] data [object Object]
console-api	log	URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 17) Message: IO Script Loaded
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: GPT SET ADMANTX: AccentureAPAC_Negative,Artificial_Intelligence,Barclays,Barclays_2,Boeing_Neg,BofA_Neg,BofA_Neg_Topics,CME_Negative,Cognizant_Coronavirus_3,DIT_Negative_kw1,DWA-Cisco-Coronavirus,Exxon_Negative,FRB,GoldmanSachs,IBM,JPMorgan_Neg,JuliusBaer2020_FinancialPlanning-2,MSFT_Neg,MarcusUSDeposits_1,Mobkoi_FB_Negative,Negative_Keywords_3.2,SaudiAramco_Negative,TradeWeb_AiEx,WorkdayPG_Neg
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: GPT SET FOR NON-PERSONALIZED ADS
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: GPT SET FOR RESTRICTED DATA PROCESSING
console-api	log	URL: https://static.reuters.com/resources_v2/react/cookie-reset-b74/common.bundle.js(Line 14) Message: GPT ENABLE SERVICES
console-api	log	(Line 2) Message: segment identify user with traits: [object Object]
console-api	log	URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 17) Message: Don't know what it is
console-api	info	URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js(Line 422) Message: Powered by AMP ⚡ HTML – Version 2007302351000 https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
console-api	info	URL: https://cdn.ampproject.org/rtv/012007302351000/amp4ads-v0.js(Line 422) Message: Powered by AMP ⚡ HTML – Version 2007302351000 https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.4.114.js(Line 32) Message: a: 0.0029296875ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
adservice.google.de
api.segment.io
b3a96def045d7447c733979e267b018a.safeframe.googlesyndication.com
beacon.s-onetag.com
beacon.tru.am
c.evidon.com
capi.connatix.com
cd.connatix.com
cdn.adsafeprotected.com
cdn.ampproject.org
cdn.segment.com
cdn.tinypass.com
cdneu-xch.media.net
cdnjs.cloudflare.com
cds.connatix.com
code.jquery.com
connect.facebook.net
contextual.media.net
dfp-gateway.s-onetag.com
dt.adsafeprotected.com
evidon.mgr.consensu.org
experience.tinypass.com
fonts.googleapis.com
fonts.gstatic.com
geo.moatads.com
get.s-onetag.com
googleads.g.doubleclick.net
gwiqcdn.globalwebindex.net
iabmap.evidon.com
img.connatix.com
l.betrad.com
mab.chartbeat.com
metrics-collector.s-onetag.com
onetag-geo-grouping.s-onetag.com
onetag-geo.s-onetag.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.adsafeprotected.com
queso-cdn.prod.reuters.tv
reutersdfpcw319687550988.s.moatpixel.com
s.mnet-ad.net
s.ytimg.com
s3.reutersmedia.net
s4.reutersmedia.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
sope.prod.reuters.tv
static.adsafeprotected.com
static.chartbeat.com
static.reuters.com
stats.g.doubleclick.net
tpc.googlesyndication.com
tru.am
usasync01.admantx.com
vendorlist.consensu.org
vid.connatix.com
www.dianomi.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.reuters.com
www.youtube.com
z.moatads.com
104.111.238.139
104.111.252.228
104.18.22.230
104.244.38.20
13.226.145.149
13.226.155.12
13.226.155.120
13.226.155.30
13.226.155.40
13.226.155.59
13.226.155.74
13.226.155.82
13.226.155.90
13.226.155.96
151.101.114.137
172.217.23.134
18.217.68.199
2.18.235.40
2.18.235.93
209.197.3.24
216.58.212.130
23.62.140.165
2406:da00:ff00::36eb:b8ea
2600:1f18:624f:b000:1a0c:44be:c431:52fe
2600:9000:2182:400:18:1fcd:34e:d2a1
2600:9000:2182:4a00:8:48e:53c0:93a1
2600:9000:2182:5a00:10:27b4:f500:93a1
2600:9000:2182:6200:5:9a4c:9b00:93a1
2600:9000:2182:6a00:1:af78:4c0:93a1
2600:9000:2182:f400:1e:ef1b:aa40:93a1
2606:4700:20::681a:274
2606:4700::6811:4e6b
2606:4700::6811:b6b1
2a00:1450:4001:802::200e
2a00:1450:4001:814::2002
2a00:1450:4001:815::2008
2a00:1450:4001:816::2002
2a00:1450:4001:816::200e
2a00:1450:4001:817::2003
2a00:1450:4001:819::2001
2a00:1450:4001:81a::2003
2a00:1450:4001:81c::2004
2a00:1450:4001:825::2001
2a00:1450:4001:825::200a
2a00:1450:400c:c00::9c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::714
3.11.4.3
34.202.105.4
34.254.6.162
35.201.93.216
52.11.156.223
54.156.236.131
54.208.250.186
66.81.204.228
76.223.7.58
0022824820bdefe4bc5a12737e1370771deb40ac720592372064366bc4368d21
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0301abe27c75fe3b60eff31ce1d31238c9b84d4f36c037bacf0a8656b6a6fb45
037794227828d971b4b969d8d862fb7091858d68cb81421a5ff2ad96b829bef8
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0541539bf2c978c0ddec342e71cdeeb6c741a149356dcf13a01ae4217d28e46b
05570487bb3f6249f82ffaaf817889dc909225f80ae76d6f0e6c864465b8304f
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09c52e5ea3fdb1ac6d74bf9c68a5411ae21355fb33afd30b8b37c434c3338e2a
0aaaaf59ff20ac0c80aa742192766336429d949b55166da6ba05d8234a8d67de
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
15b35c3833a358a2d4da3777fc699f98434d8ad633f05f18b0189ff9425d6ec6
187ef47cfc091c4fc645d78e6e4c56951cdd6144e5b9a6adddfacc286f1b1aa6
18c44f4e64c66d0c037bfd7ed0c8fae6f4e25f395135d2a6e06aa233f01173f4
21a22ffbb31ae72c9efc1970ad750dc83454831721ca163bc6cda04dae21a7d7
25adad9ca79b728ee179d70f9f9251b37634f92ddc1421d1e4204b1fbad4e303
280ec995c90f23ebabf3976bfb2cee5002d55ddf4f331a5d87d062bee332f58e
2a7a5100d1b04b40f49ec3661a2ce57d3af5acbd35497cd946e87912a6c9e021
2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff
3234a9f00027b349b802fae240f760a270d6f4e7f39ecee827e77c3e282f7846
328a4d47662c39f632808999028410488ed4c502e2acaea86a0ca5b49fcf5f2d
33a31901a144a24e7f7153b2ec965007bb58abea0129ec9e7691d468f959569b
34cdb6307b099bbbbe4bd77a40fc926d20d665f864aa629a060a8348eeb1df58
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
38f82a586c4984fdc89697da37dac16d17ed9c1d619510ed32991778b3e21b26
394415bedb33f0d07d610f1ac10439e12098d7a747aca0510cddabca81a9092d
39699ef2ff7f4cfc54b00ba69dbc53473370396c94a44cb770e2e6fb09310168
3c0d27b79bfe51d6abbc99eb79bd7731804fa80823d85bce422ee364185c6126
3c514d4fb8244af230a89d2203522c6a67a55a3f161cfd4fca9f53301c0588ff
45610b21279531a97f9566b0f0f8a1d287a45ae4bc6bc545971af5cd7e393cc6
4c01b4ceb78f1e11f7163091e62124b3f5c0936d8f18d59425748c63b430f77a
4dfb7c925e9a341c587ecc6af346f2cf875c63da4609858353eed31324e7ac48
4ed44c518b79ec0c24d13803371365e67d6ca02829631e0dad366850fd466044
5275e53dca9e7f8cb2741c3e11050df06b6d9167b088dbd8e0ce59052aa97556
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5b548c55cb99a60bc5d2ed82331220dd5363894f1d0f6a98900b486ce9e85d3b
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0
61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110
62c155232156eb11fcfd2db27dc8304f7c2fd810da25bfa7740ef28b0b156f88
631b052c0fac425fdea5a7a644d5e3554283675424c4c95003960e8fa96f6060
6346ee09058d555984eb04aac881775c926b5d9d4f73ca91493f7cb708ed90df
67032371580ed843d5a9460d87afa85e4c02983a1dc620b38020d311308f4e59
68ff86e6a3bc683739e7190e4efaff20bbafe0d89c99c42c1b17163ef5203968
698a0d14189cdfa590d112b056e978324c551080f63a9e0b340b6f1b204af296
6a09f19ac3a6fb7a6db7aa92dc9a888e9f6f169b18171d6d958693399af19c99
6aa7c3edbc1ee1fe66d4db0fea18aa2d0bbe0dfae05d228c9ffeeaeacb6f1c53
6d2fe32d253b1c23c584887a2d05bba8d56ad3b233081d190be436c70209ead2
6e198633e8651d2d219b18b644b77c8fac327d010d3d792be5d741f5bed10ff7
6f23d93c9b8e3ca26f6fcc6be6a8d087e43a3f5795daa3c61017071642f66f3c
6f4ae319a9f80c61a3c9734248d8be481ae430185443f3b2747bc1b4f617cc8f
70503c92bcbb8105d95ec4de2012f23098c3383586e95323e4b3384b56af4beb
731ebb6e8eb86eb45b6e7269a9374d1ac90533bfca3a81774dfe51f84fee2f92
7464555aae6d8d87b77f7170fba1698ff64f7454ded58627ca1819246e9a9969
78d7768fb1213eced669894455aac7c1bfb17452b25ef69859ab7617cb85856f
7962dce1427363ac8964c27e8a221d2b6f320fa55f7e32df3508b288d99ff915
7a093c39bdbf0571cc22c594df90ec9f5b114be57bd9f565a192fa07545562f2
7df04e180f32dae44ecaf43977f08ce8c965650d0b909f211c43733cf53bee4e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
82daed7708d1b1a062d78f7701eeb7e56b4bf996e6f62721bee237ea93a94237
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86bb39e7361b75b6de316d86b208255ab88130ed94b4a68b3abd292ef5fc1606
887acf8d48deb6cf8681da13ee39f83b4692d894caf76d56ddcb4ab10cd5fbc4
891f76e6a42f800d67a6d0c45568190262132fc31896d63c4b5d689eaeb313d9
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
8e9240fa5cf916b55b47388227a8528192a90c8d18e8b309e8c791861934bb36
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9304e350df91cb836a3ac7f9c31776eaaab8b5bb321184623eb038d8e7c56c95
940b734900faede377193b445d34e0d48701e2756f7fdd76b3f4cfacc50d4709
99781410070a5dd4d753fdb8a46f4272082b5be64541dcfcb1b2d3c4aea09c6c
99b5be0f251d6644cd097b6f20c55a18f8d64701dcf43b6a25045bdd3c82d8c7
9b133863146a5f391e8cee0842cafc7498ae89b6f79edbecfc842055342c1fe2
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9edaa3db7432fefa25c22c8e5027a9783456df9fa6c8e4512393162e10dbe58a
9f9104dee58871cdb561e4f139fcf095a2fc1fcb0a7778a964975e6b12059c6a
a0d3ad2bd0bb836d67e587c3b497fc7275294125707b05bc38624cf787086dec
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
acf0d68ace16960596de6a16a94def58b49d82dc01e5f1a91c9affbdd206259f
ad590c30e8e0ef2b2539b0f1a7e4e4da38a6a7b2a8b3f88048338c22da590253
ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96
adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b530d2f33467c65e254999ed904332bc40a5aa25c750229790295f6742938b6f
b5771462426214dd38f38352be4e5018e2d479df771d17d87723969efab65a49
b9cb97ccc36a6396dadf47d7c14dabee0dc93ea9a981488346f67f673691cdda
ba607af2c8d414ab6d4bac90c526d90a939cb0adf507b6ba063265347479159d
bb56e9cb6a9934d4d3c871e6aa711d2168e0c74c02cc3388539fe50e57091dca
bd1dc64fac45e75fffefbd76f176c6ea118ab79b88b3efddc5642d4e7c76d4fe
bd45490d75376e28bd54300c5c6cefec10acb6db9a49881fa90a4eef1d242128
bf3669795bba5ee81c6defbeb24c48986d4693233ce0964138e897363527c3af
c1acfa727754dab58bedc79995a642e235c6fde6449824c4fba4318fc060c91c
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
c516c523ffceafbf9482017d73bbcea30b998c15ca9de148fc00514561daaf67
c53dcc69c0ddf6c89707f1608b654b2d16d291b06e6795fb9328e93e80c93c76
c8567ea9f657a5f2ea1633ec26b13de309f60f0921a278db2a9be91d2e48984e
ca16dd3adebfcc177d21d8fe9fa1f3f1659479394e1c142b27d96cba5bf85058
ca1ba2e7f21dabcc882e6962f146dfd76573bc2968e6e024b240dc2a76fca70a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce2ba098bd8570d95c60d33cc035ee6764193c8ff7e0d7a531d0e1e98e9ad592
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfd0da29a6d34ea44fb0035a3a1b409a4a66c091fb0f143ea2f73a643c3f8cef
d27b59be0fa35fd199035fb3d095a553cf11e6c7b44d583b2942650fc3da5977
d4fa79afcf5a5cc5a0f12dedaf825f11530e6397d723fe7044cd37ba3c248e57
d640ed39630d91dec61dcb107b977293ec29fecbb5e74467e017d872bf76b0db
d7d62426c6b87d35cef5c2c873355aa44edffcf4a7f927f1c51b10694ea4f6ed
dda6285e47197327e7e3e9a22b43d82f377248da453ca7aa17eb16648ce3972a
deebd915997d1fc20b8c17b0ac9e57a20b84cb44a54858b18d0ad0ee6ea51f5a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41f07eced66e12809bec654b0a18677a78a7814525dcb6b99934d0b4bcecfc4
e58b5f1ec0b366d5af022fc6580f518062cd5de023870bb4881cc7936cb4da06
e7f4b1248e2225a0453e0aca2b77809313f343b641520ac1efc5967b9102f0b5
eaad44637697425c5c17e2f974faf574cd5d522e2410405fa462331e4b79a313
ee0768f9d2def8b13df284410776f5d755109e77b5c0ca17d8895f65b343a0cd
ee1ed7b578e1ef6fc0b4eac9c4f9eaa16f3301fce096666526e9d08e4956bb5d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01d25f7a76e0682a7a43230c32bef653eaf28b8a6f7a683ebb88bf8c6aa4f50
f37beed085d2cfdd1386a8942434d8011aa20f2e7afa20d7edfd0d49998da1e7
f64cc3c273bf057f43880fffa4ae342f9311ec87afbc20f19f1a4c033a864b6d
f9b0def9c2f40e6dd8149a4166a4364fb3c27337e9d3e63bfbc265ecaa1f9058
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.reuters.com Open in urlscan Pro 13.226.155.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

173 Requests

100 %HTTPS

46 %IPv6

39 Domains

68 Subdomains

56 IPs

8 Countries

3056 kBTransfer

8842 kBSize

7 Cookies

25 Outgoing links

Redirected requests

173 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reuters.com Open in urlscan Pro
13.226.155.90 Public Scan

Screenshot
Live screenshot

Full Image

173
Requests

100 %
HTTPS

46 %
IPv6

39
Domains

68
Subdomains

56
IPs

8
Countries

3056 kB
Transfer

8842 kB
Size

7
Cookies

173 HTTP transactions
10 data transactions