www.mcafee.com Open in urlscan Pro
104.70.95.190 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://securingtomorrow.mcafee.com/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Effective URL:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Submission: On October 19 via manual (October 19th 2022, 3:27:11 am UTC) from IN — Scanned from DE

Summary HTTP 218 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 42 IPs in 6 countries across 37 domains to perform 218 HTTP transactions. The main IP is 104.70.95.190, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.mcafee.com.
TLS certificate: Issued by McAfee OV SSL CA 2 on April 20th 2022. Valid for: a year.

This is the only time www.mcafee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.69.25.99 161.69.25.99	7754 (MCAFEE) (MCAFEE)
1 73	104.70.95.190 104.70.95.190	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:170... 2a02:26f0:1700:391::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.188.157 199.232.188.157	54113 (FASTLY) (FASTLY)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:287::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	34.255.95.163 34.255.95.163	16509 (AMAZON-02) (AMAZON-02)
2	35.153.151.203 35.153.151.203	14618 (AMAZON-AES) (AMAZON-AES)
1	65.9.95.70 65.9.95.70	16509 (AMAZON-02) (AMAZON-02)
9	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
15	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	52.212.92.153 52.212.92.153	16509 (AMAZON-02) (AMAZON-02)
3	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	34.248.32.199 34.248.32.199	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:91d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	23.35.236.209 23.35.236.209	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
4	54.227.198.216 54.227.198.216	14618 (AMAZON-AES) (AMAZON-AES)
2	104.208.16.0 104.208.16.0	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.239.36.21 216.239.36.21	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	52.215.83.17 52.215.83.17	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:ca00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	99.86.1.36 99.86.1.36	16509 (AMAZON-02) (AMAZON-02)
218	42

1 161.69.25.99 (The Colony, United States) 1 redirects

ASN7754 (MCAFEE, US)

securingtomorrow.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 104.70.95.190 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-70-95-190.deploy.static.akamaitechnologies.com

www.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:391::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
173bf104.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.188.157 (Munich, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:287::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.255.95.163 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-95-163.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.153.151.203 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-153-151-203.compute-1.amazonaws.com

api2932.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-70.prg50.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.92.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-92-153.eu-west-1.compute.amazonaws.com

mcafeeinc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

smetrics.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.32.199 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-32-199.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:91d9 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 23.35.236.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-209.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.227.198.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-198-216.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.208.16.0 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cu1pehnsweb01.servicebus.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.36.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: any-in-2415.1e100.net

jelly.mdhv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.83.17 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-83-17.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ca00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.198 (Glen Cove, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.1.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-1-36.fra6.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	mcafee.com 2 redirects securingtomorrow.mcafee.com www.mcafee.com smetrics.mcafee.com	3 MB
17	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 ad.doubleclick.net — Cisco Umbrella Rank: 185 stats.g.doubleclick.net — Cisco Umbrella Rank: 84	17 KB
16	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 78	2 KB
15	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 968	111 KB
15	google.de www.google.de — Cisco Umbrella Rank: 6045	1 KB
9	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	307 B
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 61	361 KB
6	gstatic.com fonts.gstatic.com	48 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 151	363 KB
5	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 490	118 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3384	7 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 375 www.linkedin.com — Cisco Umbrella Rank: 591 px4.ads.linkedin.com — Cisco Umbrella Rank: 6090	3 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 394	61 KB
4	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3965	61 KB
3	d41.co api2932.d41.co — Cisco Umbrella Rank: 725255 cdn-0.d41.co — Cisco Umbrella Rank: 16573	76 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 214 mcafeeinc.demdex.net — Cisco Umbrella Rank: 261957	5 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 216	110 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	20 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 494	7 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 948 pixel.quantserve.com — Cisco Umbrella Rank: 516	10 KB
2	windows.net cu1pehnsweb01.servicebus.windows.net — Cisco Umbrella Rank: 204359	309 B
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 547	611 B
2	t.co t.co — Cisco Umbrella Rank: 483	580 B
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14729 apt.techtarget.com — Cisco Umbrella Rank: 19275	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 131	32 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1300 c.go-mpulse.net — Cisco Umbrella Rank: 595	52 KB
1	akstat.io 173bf104.akstat.io — Cisco Umbrella Rank: 15834	201 B
1	cloudfront.net d6tizftlrpuof.cloudfront.net	3 KB
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 1242	633 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 876	2 KB
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 3625	26 KB
1	mdhv.io jelly.mdhv.io — Cisco Umbrella Rank: 7321	235 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 344	98 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1073	517 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 624	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 742	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	1 KB
218	37

	Domain	Requested by
73	www.mcafee.com	1 redirects www.mcafee.com cdnjs.cloudflare.com
15	tags.tiqcdn.com	www.mcafee.com tags.tiqcdn.com
15	www.google.de	www.mcafee.com
15	www.google.com	www.mcafee.com
14	googleads.g.doubleclick.net	www.googleadservices.com www.googletagmanager.com
9	www.facebook.com	www.mcafee.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com tags.tiqcdn.com
6	fonts.gstatic.com	fonts.googleapis.com
5	connect.facebook.net	www.mcafee.com connect.facebook.net
5	assets.adobedtm.com	www.mcafee.com assets.adobedtm.com
4	tags.srv.stackadapt.com	tags.tiqcdn.com tags.srv.stackadapt.com s.go-mpulse.net
4	cdn.jsdelivr.net	www.mcafee.com
4	static.addtoany.com	www.mcafee.com static.addtoany.com
3	smetrics.mcafee.com	assets.adobedtm.com www.mcafee.com
3	cdnjs.cloudflare.com	www.mcafee.com cdnjs.cloudflare.com
2	www.google-analytics.com	www.googletagmanager.com s.go-mpulse.net
2	ad.doubleclick.net	2 redirects
2	s.yimg.com	tags.tiqcdn.com s.go-mpulse.net
2	cu1pehnsweb01.servicebus.windows.net	s.go-mpulse.net
2	analytics.twitter.com	www.mcafee.com
2	t.co	www.mcafee.com
2	api2932.d41.co	assets.adobedtm.com cdn-0.d41.co
2	dpm.demdex.net	assets.adobedtm.com www.mcafee.com
2	px.ads.linkedin.com	2 redirects
2	www.googleadservices.com	www.mcafee.com www.googletagmanager.com
1	173bf104.akstat.io	s.go-mpulse.net
1	d6tizftlrpuof.cloudfront.net	www.mcafee.com
1	stats.g.doubleclick.net	s.go-mpulse.net
1	adservice.google.com	www.mcafee.com
1	sp.analytics.yahoo.com	www.mcafee.com
1	pixel.quantserve.com	www.mcafee.com
1	rules.quantcount.com	secure.quantserve.com
1	w.usabilla.com	www.mcafee.com
1	secure.quantserve.com	tags.tiqcdn.com
1	jelly.mdhv.io	www.mcafee.com
1	idsync.rlcdn.com	www.mcafee.com
1	apt.techtarget.com	www.mcafee.com
1	trk.techtarget.com	www.mcafee.com
1	cm.everesttech.net	1 redirects
1	mcafeeinc.demdex.net	assets.adobedtm.com
1	cdn-0.d41.co	assets.adobedtm.com
1	px4.ads.linkedin.com	www.mcafee.com
1	www.linkedin.com	1 redirects
1	c.go-mpulse.net	s.go-mpulse.net
1	static.ads-twitter.com	www.mcafee.com
1	snap.licdn.com	www.mcafee.com
1	s.go-mpulse.net	www.mcafee.com
1	fonts.googleapis.com	www.mcafee.com
1	securingtomorrow.mcafee.com	1 redirects
218	49

This site contains links to these domains. Also see Links.

Domain
careers.mcafee.com
ir.mcafee.com
service.mcafee.com
forums.mcafee.com
home.mcafee.com
techmaster.mcafee.com
securingtomorrow.mcafee.com
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
www.youtube.com
www.addtoany.com

Subject Issuer	Validity	Valid
www.mcafee.com McAfee OV SSL CA 2	`2022-04-20` - `2023-04-20`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-28` - `2022-10-26`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
*.d41.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-01` - `2023-03-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
smetrics.mcafee.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-16` - `2023-01-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.techtarget.com Thawte RSA CA 2018	`2022-09-27` - `2023-10-28`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.srv.stackadapt.com Amazon	`2022-10-09` - `2023-11-07`	a year	crt.sh
servicebus.windows.net Microsoft Azure TLS Issuing CA 06	`2022-10-11` - `2023-10-06`	a year	crt.sh
jelly.mdhv.io GTS CA 1D4	`2022-09-30` - `2022-12-29`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-10-17` - `2022-12-07`	2 months	crt.sh
w.usabilla.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-09` - `2023-02-01`	6 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Frame ID: E08F88BB34EE1BC71E5ECAF705919C5C
Requests: 208 HTTP requests in this frame

Frame: https://mcafeeinc.demdex.net/dest5.html?d_nsid=0
Frame ID: 5A56605AE41E04D0D1FC8262D4B32693
Requests: 2 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 550FDED81430B7E70970C78D634A04E7
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Frame ID: 08537B894D0475E47267AB515230A9D0
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5CCFE29E12B5E47FC12B6E51C6DA179E
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7B4EC82652E596FBF57C5333286455DB
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4C50FD2BE265439B7A3FC55ACB913145
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A12EE6ADEF04636D7F20E6957E621F0C
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Frame ID: 75D459C591802F61A6BD96A0971BE0F8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New TeslaCrypt Ransomware Arrives via Spam | McAfee Blog

Page URL History Show full URLs

https://securingtomorrow.mcafee.com/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ HTTP 301
https://www.mcafee.com/blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ HTTP 301
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

218
Requests

99 %
HTTPS

50 %
IPv6

37
Domains

49
Subdomains

42
IPs

6
Countries

4310 kB
Transfer

7784 kB
Size

46
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.mcafee.com/
Title: Search Job Openings

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/life-at-mcafee
Title: Life at McAfee

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/our-teams
Title: Our Teams

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/our-locations
Title: Our Locations

Search URL Search Domain Scan URL

URL: https://ir.mcafee.com/
Title: Investors

Search URL Search Domain Scan URL

URL: https://service.mcafee.com/
Title: Consumer Support

Search URL Search Domain Scan URL

URL: https://forums.mcafee.com/
Title: Support Community

Search URL Search Domain Scan URL

URL: https://home.mcafee.com/Secure/MyAccount/DashBoard.aspx?culture=en-us
Title: Login

Search URL Search Domain Scan URL

URL: https://techmaster.mcafee.com/Subscription
Title: TechMaster Concierge

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/mcafee-labs/new-exploit-kits-improve-evasion-techniques
Title: Angler exploit kit

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/mcafee-labs/teslacrypt-joins-ransomware-field/
Title: blogged about that variant

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mcafee

Search URL Search Domain Scan URL

URL: https://twitter.com/mcafee

Search URL Search Domain Scan URL

URL: https://www.instagram.com/mcafee

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mcafee

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mcafee

Search URL Search Domain Scan URL

URL: https://twitter.com/mcafee_home

Search URL Search Domain Scan URL

URL: https://www.facebook.com/McAfee/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mcafee/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mcafee4consumers

Search URL Search Domain Scan URL

URL: https://techmaster.mcafee.com/subscription
Title: McAfee® Techmaster Concierge

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://securingtomorrow.mcafee.com/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ HTTP 301
https://www.mcafee.com/blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ HTTP 301
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 81

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1666150024521%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs%252Fother-blogs%252Fmcafee-labs%252Fnew-teslacrypt-ransomware-arrives-via-spam%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&liSync=true&e_ipv6=AQLjayWCi02FPgAAAYPuR8lZvqb3TUhBDWBhkliG6iWl1726LKV8kMlNwNJFolvb3cG57Ced

Request Chain 95

https://cm.everesttech.net/cm/dd?d_uuid=76050290962773638584010539314410030831 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y09uiAAAAFprXAN-

Request Chain 166

https://ad.doubleclick.net/activity;src=5471927;type=;cat=;gtm=2odah0;auiddc=2099110391.1666150025;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=2099110391.1666150025;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F

218 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Redirect Chain

https://securingtomorrow.mcafee.com/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
https://www.mcafee.com/blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

165 KB
166 KB

67ms
67ms

Document
text/html

104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

/ PHP/8.1.8

Resource Hash

7f6c4fe4a3fb3ddefe3a6a5c2db84b6de768d575b112f66954fed62bf8e4057a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 03:27:03 GMT
expires: Wed, 19 Oct 2022 03:27:03 GMT
link: <https://www.mcafee.com/blogs/wp-json/>; rel="https://api.w.org/" <https://www.mcafee.com/blogs/wp-json/wp/v2/posts/46790>; rel="alternate"; type="application/json" <https://www.mcafee.com/blogs/?p=46790>; rel=shortlink <https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/opensans-regular-webfont.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/fontawesome-webfont.4.4.0.woff2>;rel="preload";as="font";type="font/woff2";crossorigin
pragma: no-cache
server-timing: cdn-cache; desc=REVALIDATE edge; dur=46 origin; dur=9
strict-transport-security: max-age=31536000
x-akamai-transformed: 9 - 0 pmb=mRUM,3
x-amz-cf-id: D57uUItNTSodzTi_617Gur5kwfrEQkGQXRN5N9pYWp0yuv9EfK2QGw==
x-amz-cf-pop: FRA60-P4
x-powered-by: PHP/8.1.8

Redirect headers

cache-control: max-age=0, no-cache, no-store
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 03:27:03 GMT
expires: Wed, 19 Oct 2022 03:27:03 GMT
link: <https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/opensans-regular-webfont.woff2>;rel="preload";as="font";type="font/woff2";crossorigin,<https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/fontawesome-webfont.4.4.0.woff2>;rel="preload";as="font";type="font/woff2";crossorigin
location: /blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
pragma: no-cache
server-timing: cdn-cache; desc=REVALIDATE edge; dur=8 origin; dur=1017
strict-transport-security: max-age=31536000
x-amz-cf-id: JhkWlvMYwtKz1L2zy_s1VgqwAxukhCZlxiRexJ1OTjHwozVJjc_Q3g==
x-amz-cf-pop: FRA56-C2
x-powered-by: PHP/8.1.8
x-redirect-by: redirection

GET
H2 200 opensans-regular-webfont.woff2
www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/ 18 KB
19 KB 50ms
50ms Font
application/octet-stream 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/opensans-regular-webfont.woff2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
date: Wed, 19 Oct 2022 03:27:03 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Tue, 18 Oct 2022 07:31:18 GMT
server: Apache
etag: "48b4-5eb4a13f9eeae"
x-frame-options: DENY
content-type: application/octet-stream
cache-control: public, max-age=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 18612
expires: Fri, 18 Nov 2022 03:27:03 GMT

GET
H2 200 fontawesome-webfont.4.4.0.woff2
www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/ 63 KB
63 KB 76ms
76ms Font
application/octet-stream 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/fontawesome-webfont.4.4.0.woff2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
date: Wed, 19 Oct 2022 03:27:03 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Tue, 18 Oct 2022 07:23:27 GMT
server: Apache
etag: "fbd0-5eb49f7dcc3a4"
x-frame-options: DENY
content-type: application/octet-stream
cache-control: public, max-age=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 64464
expires: Fri, 18 Nov 2022 03:27:03 GMT

GET
H2 200 main.min.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 78 KB
15 KB 193ms
193ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/main.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

b63f011bf81f6548e73fe3c4f2edf35d97ca29054a35969373953a4ba382d782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"13862-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=76
content-length: 14857
x-amz-cf-id: pWlcKAOJvKtu_GqSGilUl1rXcWZKy2uumXcAud7t038sH5WMRpm4dQ==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 style.min.css
www.mcafee.com/blogs/wp-includes/css/dist/block-library/ 81 KB
11 KB 304ms
303ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/css/dist/block-library/style.min.css?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"145a9-5e4368f3c1680"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=154
content-length: 11326
x-amz-cf-id: F5dXw5fXdQ6-4pQRlsKQMPhkkj9IR5aQV6E0FCZhZbWIC8A7hluaTg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/ 27 KB
4 KB 214ms
214ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"6c70-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=29
content-length: 3295
x-amz-cf-id: HU2FlWGwqnADRPfZ1FQQzCj5bLDvtqmsL0zxrK6TliHw7JK-QDl91A==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 style.min.css
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 2 KB
866 B 319ms
317ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/style.min.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"671-5e4368f3c1680"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=140
content-length: 525
x-amz-cf-id: 1ZvGqFhJdayuHc2N3j9wD3McGI4E-iIxXQ3GMIIqUnoQ43jkWtfiLQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/ 28 KB
6 KB 214ms
212ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/style.css?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"71bf-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=23
content-length: 5837
x-amz-cf-id: gLIbAsBJJ94jsyhvK28By0U7asb4XKoYUc_ZUGHL1iudKsB24o73yA==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 addtoany.min.css
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 1 KB
832 B 339ms
338ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Mon, 19 Sep 2022 20:24:41 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"5ef-5e90d80636ccc"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=145
content-length: 494
x-amz-cf-id: TE_s323KL5zGxHZ7YdExMuyppld_tcQXircgtPSIoHumea6clufxTw==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 87 KB
31 KB 228ms
227ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-3.6.0.min.js?ver=3.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW56-P2
etag: W/"15d9d-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=22
content-length: 30940
x-amz-cf-id: LZ9yETsmw9RZlNCRcQF2d8yUT40ASjQ3xAub1Vn3vzDElI5ansGLIQ==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 11 KB
4 KB 373ms
372ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-migrate-3.3.2.min.js?ver=3.3.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"2bd8-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=162
content-length: 4177
x-amz-cf-id: DyI2BhpwmGEUEJHy_R0D8juWYxUa_oiGYQqBwqTpAejCWmyfy7e3aQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 43ms
16ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b3d86ed0495648c392611dec4d4faf28409991c308d4a5e135b621d05126540

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 65498
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 16 Oct 2022 09:12:04 GMT
server: cloudflare
etag: W/"b89-5eb2340a003d6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 75c66a745f229950-FRA

GET
H2 200 addtoany.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 129 B
477 B 57ms
49ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Mon, 19 Sep 2022 20:24:41 GMT
x-amz-cf-pop: DFW55-C1
etag: "81-5e90d80636ccc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=22
accept-ranges: bytes
x-amz-cf-id: V1fPh85C-r2sidVpWhcTXFTziObU099c_0FSFJ7i-1UthZ2q6sBWqg==
content-length: 126
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 script.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 925 B
773 B 352ms
351ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/script.min.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW55-C1
etag: "39d-5e4368f3c1680"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=133
accept-ranges: bytes
x-amz-cf-id: y2G2KUZTC63W0Spq2rICyiYXu64W32o1SDalo_zqvApZL2evFzVQ9A==
content-length: 418
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 blog.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 20 KB
5 KB 237ms
236ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/blog.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

85f9a306434e8ed7d91e8ee0ee03ca08c58d61b4d41511b51d6e8ee243a3f2ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW56-P2
etag: W/"4ffa-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=31
content-length: 4831
x-amz-cf-id: zhNjBtAGHFiRgSCWD0JpCPRNlyR9QD00MwzM2FrF1_NYXHG3ZXUqTg==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/ 158 KB
25 KB 61ms
27ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/bootstrap.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3956
x-jsd-version: 4.6.1
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19178-FRA, cache-yyz4536-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"278e1-H7g/xZXPKL+TYth2EOrfo7e7vlk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxkUcrPIo2meWj%2B%2FnCjRwW0GBiqCHmNP2oZW7dREwPIYZUO6aVt5C%2FKaXKOSI6J%2FD8rDV5TSVX04SlsslSQYqb4Pq8rewxxaDorNaiDRH2i55wBsP6p2KH2iprdQWg2lXIGszcI%2BY4z7469Pmro%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75c66a70aa0392bd-FRA

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 54ms
20ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1151424
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TkzAuBK4O26favovq%2FXPg%2FAtusuH%2FnAyJaiDwioE795EV%2BZBWadeUoTolW0Fmgp%2BfGUBEEhJa5UvyUMkSzGLHKuzTo0wEFzDMq%2Bf03i5Gh2eBlJhT9D6H%2BYRjsRCsk5VznE%2F6q8ubylyAM%2F8DAVBh7Sm"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75c66a70ad2d9ba6-FRA
expires: Mon, 09 Oct 2023 03:27:03 GMT

GET
H2 200 static_nav.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 53 KB
8 KB 233ms
232ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"d5f2-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=20
content-length: 8047
x-amz-cf-id: ohGLQaW1W9EkIjlfP1sXagTmqXyEOOisuZ0WB3j4BOD_Y3B7oXOW7w==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 static_footer.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 18 KB
3 KB 597ms
595ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_footer.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4776-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=375
content-length: 2846
x-amz-cf-id: 6tlZHiu6KPidYVBAzpcXTuAA29zf6gbFds1X202Z04xGYT6xWp4iNA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 2 KB
1 KB 54ms
21ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=5.6.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18295522
x-jsd-version: 1.8.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19175-FRA, cache-hhn4032-HHN
x-jsd-version-type: version
server: cloudflare
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf%2BerbTNb%2BhKCzfSS%2BAg81t5yaPR%2BfkJcRc2cnBApcgOWrod%2B4GsUFBzOnXIiPzykuRzufxM2j6U5ybHGcjpRg9n5%2Fes1BJLvNbKQCSKYlH37%2FBwRkG0tHwpT1EH9KXvW216efgqSqyrM9yyx3M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75c66a70abbf927f-FRA

GET
H2 200 newtheme-style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 80 KB
14 KB 245ms
244ms Stylesheet
text/css 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

678e4443e87259063b8fd75aadfe00332e64993b3829693fd69f6b190321042f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"1405e-5e4368f2cd440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=15
content-length: 13897
x-amz-cf-id: 2zpHpv0yUzMJ2pJfwxvVBvSQ2AZpkxljiNlHVudagotvEWYd5F4ZGA==
expires: Wed, 19 Oct 2022 03:27:03 GMT

GET
H2 200 McAfeeHzRed.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 3 KB
1 KB 39ms
31ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/consumer/en/company-logo/McAfeeHzRed.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
content-encoding: br
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1087
last-modified: Fri, 30 Sep 2022 13:12:16 GMT
server: Akamai Resource Optimizer
etag: "b88-5e9bdcc2fc3c2"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
x-mcafee-cache: 365-days
expires: Fri, 18 Nov 2022 03:27:04 GMT

GET
H2 200 chevron-up-black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 265 B
554 B 64ms
56ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/chevron-up-black.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: "109-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=20
accept-ranges: bytes
x-amz-cf-id: 6PzIsV2dblnDTdMaX_cda2iyiSBctFeIaD_hgzCRUul74dJ2y__w3w==
content-length: 207
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 search_icon_black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
1005 B 71ms
63ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/search_icon_black.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

0c5d12f7f623ddaea002928a5e8aa1126cccf4cb80b58a4ed180d675a339efcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4be-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=21
content-length: 659
x-amz-cf-id: rCjqjWSZ5_8ACKXiCRbgoNhMfTqXL1HxSuHZfKgFt1MD8RmxNywNvg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 cross-grey-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 447 B
609 B 77ms
70ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/cross-grey-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW56-P2
etag: "1bf-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=20
accept-ranges: bytes
x-amz-cf-id: iQhqzk3EjEZIrTsoSMe7K2_vKNrX3xWI2XzjqZHuFO-1dsOeuF1aDw==
content-length: 260
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 globe-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
893 B 83ms
76ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW56-P2
etag: W/"43f-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=20
content-length: 550
x-amz-cf-id: Y6m8I8x2_q2tjorZPRqS4soRUr6rYK4swcUlwdcKBN2eFYtr7WwzUA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 Ransomware.jpg
www.mcafee.com/blogs/wp-content/uploads/ 69 KB
69 KB 102ms
96ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Ransomware.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

044d576aa9a4a37cce540cbcac562b8e27cff561d4e72e333d1a2ee3cb48b451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:42:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "2b2a3f4b804dbd7f250dcf87a931a2bc"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=10, origin; dur=17
accept-ranges: bytes
content-length: 70437
x-amz-cf-id: _dUmZ-_mObwEOiPnoZDORBPkeie9SixSvXgWZlYPDWYwxVoS_zwZwg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 facebook.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 550ms
544ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/facebook.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

c47380f71c3bdb3ebf92f494d7a6b8c1525f1ce8331fdb50398c22f59eea3936

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA2-C1
etag: "4cf-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=11, origin; dur=450
accept-ranges: bytes
content-length: 1231
x-amz-cf-id: 0h3mesON3UKD5pK_kh6TEVDB_ageC-Mr1raxIXsGS0iRKtLOwk8-tA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 linkedin.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 548ms
542ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/linkedin.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

82c52b937868d2d0afb2abccadf9b697f20c73c3c30ad9204dad4884878a7f0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA2-C1
etag: "575-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=12, origin; dur=443
accept-ranges: bytes
content-length: 1397
x-amz-cf-id: W_jjg_UH1RY84WQFrXSz-hez_LIMvVkvXBKc8NxBW-0rXkdW3GaLEA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 twitter.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 559ms
553ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/twitter.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

b08faf373c3f1c8247d01a6ac23353ae7a36a7bbf40d7591814920c11196bedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA2-C1
etag: "5fd-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=14, origin; dur=458
accept-ranges: bytes
content-length: 1533
x-amz-cf-id: ihKp5vYojDhCwF6x6V-UxhuqWUHpBspnVmT4kAe8lxL3EZU5kzT1qg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 email.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 559ms
553ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/email.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

2e8af6374a001a941e7eea578da32e139e8c9a659ffab78acd97fa160876efee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA2-C1
etag: "5a3-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=14, origin; dur=454
accept-ranges: bytes
content-length: 1443
x-amz-cf-id: cJq1BiE61v4PB3EhcA6jW7BjNr3-40o6-7NDQ8-a1q52rU6Q3xnXwA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 link.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 886 B
1 KB 552ms
546ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/link.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

d051f3c16ae61275a06cdf30938b3492e1bc6d89b9e7d67e2d175cec4e44df8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA56-C2
etag: "376-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=17, origin; dur=433
accept-ranges: bytes
content-length: 886
x-amz-cf-id: O8EdPOGxM5InFJ2CmzmnbDyMVznBQHHjcMGi7zXKAbS3KlTvkfnXwg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 rss-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 744 B
707 B 105ms
99ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/rss-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 345
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Oct 2022 05:06:45 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=2592000, public
accept-ranges: bytes
expires: Wed, 02 Nov 2022 05:06:45 GMT

GET
H2 200 300x200_Blog_malliciouscookingstuffing-1-300x203.png
www.mcafee.com/blogs/wp-content/uploads/2022/08/ 81 KB
82 KB 109ms
104ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/08/300x200_Blog_malliciouscookingstuffing-1-300x203.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0d66fa6c68f151d974336b6ba4fbc234568f3c3fd9e17f23310f78ff9d983bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29 Aug 2022 21:38:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "87e5c6ed3b2d97d455f7f4d90558503d"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 83321
x-amz-cf-id: EWDpgoyqfa2NMvNmxunMj4UcNKXi54O6t_hCs7u7-QftSAbiGav9yg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 Cloud-300x162.jpeg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 13 KB
13 KB 125ms
120ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/11/Cloud-300x162.jpeg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

7e601e5cd42b0c811b65bf97b2a9fecc45bd90886ce4aa1fb15f0cf4de2c9fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 27 Apr 2022 18:04:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "fd8e38d8247fc8474d606ee43905ccf2"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=10, origin; dur=6
accept-ranges: bytes
content-length: 13190
x-amz-cf-id: 1hwUb6RN7xzK5KSdarNYCXiNzWU69kT_vcZdRSw2ZL3k_nC76WzyEQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_googleplay.png
www.mcafee.com/blogs/wp-content/uploads/2022/07/ 67 KB
67 KB 112ms
107ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/07/300x200_Blog_googleplay.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a982c540f8f384f11cce36732cc23b9f3e9bf9dbee0c854c663f99b27f035969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 29 Jul 2022 03:16:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "1d806467d4b5264c01768f3ef22ecafa"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 68211
x-amz-cf-id: TJRd56RzpBhi7XHcKXuSvN_e0MZFY9V366z2Kfqx-neafkoJqpVihA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_LNK-Malware.png
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 92 KB
92 KB 117ms
112ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_LNK-Malware.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c64a0dd00d685de6eb7d2053110e20e2515ec436f262e5d36896a03b390f917a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Jun 2022 18:47:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "269b6c55466cf51072f191ac2be74169"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 93753
x-amz-cf-id: CMdUfhih6rBxKDmqsFn7ZWVUqk3IBfOiuzjxZg7fujZ-UDk9gFzYHA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_tiktok-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 78 KB
79 KB 123ms
118ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_tiktok-1.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

874167e9a8246e870b7c7bbc08c771595959ba9e721240c33d19bb383d4e29a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 09 Jun 2022 18:44:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "c43c0deb31352d26402c87137f472e14"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 80268
x-amz-cf-id: 84fQkbRLEj7-KDBRa7tEkhU9nQEoIHYWPMMY42CSybXR4Bu8U1Fsqg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_childphones-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 71 KB
72 KB 128ms
123ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_childphones-1.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

6d82164a8b75a7961fd54f46b2b985fd3bf0f16994631f025ef704eaef35f509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 09 Jun 2022 18:55:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "a4dc9fcd6611c8cd1a73df4e5271235a"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 72723
x-amz-cf-id: lPE-BbRdCIqdftotWEtQDx3GbN8aj4rJz8-n6YFzzIQAl1UO_fxCNg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_MFE_Blogs_051722_Blog-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/05/ 65 KB
66 KB 135ms
130ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/05/300x200_Blog_MFE_Blogs_051722_Blog-1.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

b69751883be604d7108841f66360e02134764e137438b491d830d2345149219f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 19 May 2022 04:29:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "386d66c33c0b8d8d4473988a9914bc58"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 66724
x-amz-cf-id: dXFm77V6NrY2ixPX-rfSKyFc-Mgh1X_QJCTwj9-qYgRFijrOGkLI8Q==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_backupday.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 68 KB
69 KB 157ms
153ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_backupday.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

bbc8f5b6465f291e62990af3187eb69b20b9924a0d5a078a4d5b01201c343702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 05 May 2022 13:35:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "de50fb4e804d4612d015af8b16be168f"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=12, origin; dur=6
accept-ranges: bytes
content-length: 69811
x-amz-cf-id: BVqK8ZKosGINTLsYIZ5HEvk7vpBF3MljZY0Sxi-n1dr6gG8L2bqubQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_ukrainescam.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/04/ 69 KB
70 KB 169ms
165ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/04/300x200_Blog_ukrainescam.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

3384758485dbe9ada2cf47807be1f0513945d9d4bacd7f9406ac79abfc49dee1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 05 May 2022 13:12:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "b84e990c79334f9935dcb2f204a17029"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=12, origin; dur=11
accept-ranges: bytes
content-length: 70661
x-amz-cf-id: ZNlhWw-LXUjOw2dzIPuwEOJ5em09dq_bwWqYk3-i2JP_HmrUFqLtnA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_scamparty.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 72 KB
73 KB 195ms
191ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_scamparty.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

457f5c0fdf15b82708a47c22c4928cd465012450d2c262297ab8fec142c34e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=19, origin; dur=24
content-length: 73608
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 14:08:08 GMT
server: Apache
etag: "5fa16d52a98b0d00e72346e19f98cb8a"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: GoGH5-94nBys9GHnzWVetfLK_sQrnTnHGWNJOxUMjV392G597nDg9g==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_phonenotifications.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 71 KB
71 KB 185ms
181ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_Blog_phonenotifications.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

18a0ca8e6cf3c31eb83227d48f89f8165141be974f61a06b5856ef999ff2eb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 05 May 2022 13:32:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "579c3418512929b2c70d1b2fd025039a"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=10, origin; dur=17
accept-ranges: bytes
content-length: 72380
x-amz-cf-id: -hd7y0uYAiBVk5QpbK0OD88jc43YHzX8mH3huJ3mv5mFA5WTSIXW-Q==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_maskingIP.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 81 KB
82 KB 186ms
182ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_maskingIP.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

569c26cc949ef91113628499320d3094b117bf29e3ce614fc3cf6d7d84fe4194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=17, origin; dur=5
content-length: 82895
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 15:09:10 GMT
server: Apache
etag: "c3ad9e30865840d001f863e7b61e81b3"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: yF8CA5RhVMbnH5pjcmFsgIGxnFAtm_ZF0Ht8hk9AVGv5CZrAbpaUhg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 logo-red.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 4 KB
2 KB 166ms
162ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/consumer/en/company-logo/logo-red.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
content-encoding: br
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1239
last-modified: Fri, 30 Sep 2022 13:38:16 GMT
server: Akamai Resource Optimizer
etag: "e1a-5e9bb6ef682bb"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
x-mcafee-cache: 365-days
expires: Fri, 18 Nov 2022 03:27:04 GMT

GET
H2 200 backtotop.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 614ms
611ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/backtotop.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

44a6addb012e85ee247ae07452582489aaa2a0054e45b0810a95108c68f744a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA56-C2
etag: "544-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=3, origin; dur=441
accept-ranges: bytes
content-length: 1348
x-amz-cf-id: QNLc97QD-yrE-Fa0MxZ4TgeAP2MfIQQyWVQA73NsB5BgWaaI4BfLVQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 navigation.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 2 KB
959 B 22ms
21ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/navigation.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"651-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=11
content-length: 609
x-amz-cf-id: MAk55zfVdrbFgTWIMdJ7MK4XptKTrHH7FR_p8VZ7qMe-WupT5-SgPw==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ 87 KB
28 KB 37ms
21ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3491980
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27964
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15d95"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sUETPVwbarN9%2Fi0hUk1z9OW4o1yA9jf38Ytwy5mSZUYUtnHIVjRNePMMpP6bOJru%2F7vgV5uP%2BPWb7nC6lfuTH35LLaGSsA%2BLGn7cBzzIKuvSoV2b%2BEusxjndOZZIxN1Er5SURHqq4QxH6Oz1VMKxJR9U"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75c66a73beb5694f-FRA
expires: Mon, 09 Oct 2023 03:27:04 GMT

GET
H3 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/ 81 KB
23 KB 26ms
16ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.bundle.min.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18295499
x-jsd-version: 4.6.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19150-FRA, cache-hhn4065-HHN
x-jsd-version-type: version
server: cloudflare
etag: W/"14535-A2PLWLentg73+/gri862MFIyUBo"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FG4o4PGjev7GdTrYSw0qbpRbQLWN25TiD%2Fcje3qfUm72c5n%2B9ubz8650MyICcT5d4MbzM6VR6JPdDqbcn9RysbNnPHY1ILgmdWV4DjbghQGc%2FVHPkNS8FyB2Kk7efd2kEyRgP30fjAI5Tf4nwo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75c66a740cbd906a-FRA

GET
H3 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
11 KB 26ms
15ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js?ver=10faaf528e636a046163bdb6753031b2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18295523
x-jsd-version: 1.8.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19152-FRA, cache-hhn4071-HHN
x-jsd-version-type: version
server: cloudflare
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=193UAiwyVBZn%2FAx72%2BV%2F9P8Kf10uNfXPLfyBGpU0ea8Oq3zmAmyxRDIlLhzfzfGu6gho7kMYZgonWGWHXb2lNpmkM5jbXA1%2FU4nPj%2BLXOKwQLACbCmo%2BocVbyMeltPr2aAMQSsw9RVJRAmKZ42Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75c66a743943bb55-FRA

GET
H2 200 launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js Show response
assets.adobedtm.com/ 335 KB
94 KB 73ms
9ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 21:15:50 GMT
server: AkamaiNetStorage
etag: "f4f97dfb86834a4f03017580725d0f33:1648761350.205862"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 95958
expires: Wed, 19 Oct 2022 04:27:04 GMT

GET
H2 200 mpp-frontend.js Show response
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/ 331 B
550 B 41ms
33ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: "14b-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=20
accept-ranges: bytes
x-amz-cf-id: mOmr7Li8tLBR_k4fQZFAbSCvXIteWML0iEFOpmxIGmwDGNMxcE-_IQ==
content-length: 195
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 theme-script.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 4 KB
2 KB 53ms
45ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/theme-script.js?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"e98-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=29
content-length: 1233
x-amz-cf-id: vscZZkJ2bOmC1TofzyfqdyIUeOAA5b6ZHKQTn-_sbRgSlTs2ups5OQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 skip-link-focus-fix.min.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 325 B
594 B 45ms
37ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/skip-link-focus-fix.min.js?ver=20151215

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: "145-5e4368f2cd440"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=19
accept-ranges: bytes
x-amz-cf-id: 8kmK_PIBH9xGysm22mzO16g1TdytTzVj-GriZ9xVsWOsFtaoQpF6fg==
content-length: 242
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.mcafee.com/blogs/wp-includes/js/ 18 KB
5 KB 306ms
303ms Script
application/javascript 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/js/wp-emoji-release.min.js?ver=5.9.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:46 GMT
x-amz-cf-pop: DFW55-C1
etag: W/"4705-5e4368f3c1680"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=131
content-length: 4957
x-amz-cf-id: S0x5ZijZT5FLph6dl5PL-26nCoaqcZoyauSIcaWliz3l4quUt-X9cA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
1 KB 135ms
50ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2458c6e69ec960015408bcff5b6e3c679da9a9e7cb3149cc810ef75158c0acf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 02:22:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC Show response
s.go-mpulse.net/boomerang/ 204 KB
50 KB 35ms
7ms Script
application/javascript 2a02:26f0:1700:391::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: br
last-modified: Wed, 05 Oct 2022 05:37:52 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
x-n: S
timing-allow-origin: *
content-length: 50742

GET
H2 200 gray-arrowdwn.svg
www.mcafee.com/content/dam/en-us/test-assets/header-redesign/ 179 B
514 B 179ms
179ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/en-us/test-assets/header-redesign/gray-arrowdwn.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
content-encoding: br
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 138
last-modified: Fri, 30 Sep 2022 13:32:36 GMT
server: Akamai Resource Optimizer
etag: "b3-5e9bb24d2b447"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
x-mcafee-cache: 365-days
expires: Fri, 18 Nov 2022 03:27:04 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 128ms
42ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 21:23:03 GMT
x-content-type-options: nosniff
age: 540241
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 21:23:03 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 179ms
95ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:24:53 GMT
x-content-type-options: nosniff
age: 547331
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 19:24:53 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 170ms
87ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 17 Oct 2022 23:09:49 GMT
x-content-type-options: nosniff
age: 101835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Oct 2023 23:09:49 GMT

GET
H2 200 blue-right-arrow.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
1 KB 308ms
307ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/blue-right-arrow.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW53-C1
etag: W/"534-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=136
content-length: 698
x-amz-cf-id: QtPO2rq4e8hXeeVTlxQ-3rzIBXuuNsvSvfZucmV716MfwGiX3uXOkg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 Original-Logo.png
www.mcafee.com/blogs/wp-content/uploads/2020/08/ 10 KB
11 KB 195ms
195ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2020/08/Original-Logo.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

f2c34ff128a37e06d27e1e9ba1545a526de7d5f1501d338455ef67a98fb2674e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 20 May 2022 15:12:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "1ac0e1e6bde9db039484a8bd84d5e6cd"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=8, origin; dur=9
accept-ranges: bytes
content-length: 10523
x-amz-cf-id: 3Ci8XLdsK4KcB4Uy5AAQjPdOrESKM2HJUFcM3suzkp9RlNT_g5u0Sg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 23ms
22ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3492457
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1F7fPdpTJ%2FemQ%2BJFBkkowGpkeRs7B6yK0M04OlbMgpSaH%2F9ChYIZAqVjWZ0kL91MSXYFge8RBl6DxgUuWHx%2BqnW7fg7bNofGQhCWWjEYcgSCIPoY0RQQvc9QkQjrnzeDMprcKPjb7F3BrIFfk0Jx0baU"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75c66a745f70694f-FRA
expires: Mon, 09 Oct 2023 03:27:04 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 117ms
48ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:25:44 GMT
x-content-type-options: nosniff
age: 547280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 19:25:44 GMT

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
9 KB 120ms
51ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:29:33 GMT
x-content-type-options: nosniff
age: 547051
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8668
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:07:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 19:29:33 GMT

GET
H2 200 opensans-regular-webfont.woff2
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/fonts/ 18 KB
19 KB 197ms
196ms Font
application/octet-stream 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/fonts/opensans-regular-webfont.woff2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/main.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/main.min.css
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA56-C2
etag: "48b4-5e4368f2cd440"
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=9, origin; dur=9
accept-ranges: bytes
content-length: 18612
x-amz-cf-id: _QXJiH20AaBd8EMKTghOP8zMOycv5j3F6JgeiVpxOZXgev9EzwtNXQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 151ms
81ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:25:44 GMT
x-content-type-options: nosniff
age: 547280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 19:25:44 GMT

GET
H2 200 Dec2015Tesla-zip-attached-email.jpg
www.mcafee.com/blogs/wp-content/uploads/ 68 KB
69 KB 832ms
828ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Dec2015Tesla-zip-attached-email.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c96632da476f22484073c005267b1e34c7340c60624a408d77c2f4014df9ed57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:36:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "5f22c83e6354a42da7669a875b92391b"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=650
accept-ranges: bytes
content-length: 70140
x-amz-cf-id: gQ5MKmdkYIMgTL8aYtQfSJvDaVnkcxicngHcFa4K1OTko2tNIigYPw==
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 Dec2015Tesla-obfuscated-JS.jpg
www.mcafee.com/blogs/wp-content/uploads/ 189 KB
190 KB 859ms
855ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Dec2015Tesla-obfuscated-JS.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

d75e3f73d3f407ab5d0233a628d54cb82abde1dd8fea82428258c8ad6419e5a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:36:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "02f351dda8f0426747e814ec702e538e"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=29, origin; dur=653
accept-ranges: bytes
content-length: 193098
x-amz-cf-id: RBbQmsbXFRSSFcr2l2uSgOH4-3TRqnTF2g7FoItLWpWVT2P4O5DPrw==
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 Dec2015Tesla-deobfuscatedJS-768x831.jpg
www.mcafee.com/blogs/wp-content/uploads/ 99 KB
99 KB 936ms
933ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Dec2015Tesla-deobfuscatedJS-768x831.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

8c3d63f35dbb7c91072f5db40e6941fbc3873eec0b2423f1f6a3d34700fdde83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:36:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "6ad351d69a01e1257d6b475c90d6417f"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=22, origin; dur=730
accept-ranges: bytes
content-length: 100942
x-amz-cf-id: bDm_KmZylFiW-q4hHNoEuU91pfrCL8c931w7Su4V-v8js8carhrrPA==
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 Dec2015Tesla-doc-attached-email.jpg
www.mcafee.com/blogs/wp-content/uploads/ 100 KB
101 KB 871ms
868ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Dec2015Tesla-doc-attached-email.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

f6df752d4ddfe7e050e9f2c74e57948fad8b1eb4bbb3e746ff03f3147540181c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:36:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "6f238aa47518edca5e87308cfc700939"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=5, origin; dur=675
accept-ranges: bytes
content-length: 102883
x-amz-cf-id: vEuIloLZPgSzuETI3zLcKp1dDkH_kb6DxndHb-q1ilVlMIjou6XBdg==
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 Dec2015Tesla-extracted-macro.jpg
www.mcafee.com/blogs/wp-content/uploads/ 33 KB
34 KB 825ms
822ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Dec2015Tesla-extracted-macro.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

15ffa205cf50b0af4c4d1fe323dc7d894a564de999366e1dbdc80c6043525606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:36:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "78c098aad9f43ff7dc55279e1acb9ab6"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=5, origin; dur=626
accept-ranges: bytes
content-length: 33984
x-amz-cf-id: n903y9YzVebWT7g9JhpCIHXTE4WVPOwrqCHwTa3jcJFqEizkue9Eog==
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 Dec2015Tesla-dropcopy-768x664.jpg
www.mcafee.com/blogs/wp-content/uploads/ 149 KB
150 KB 858ms
856ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/Dec2015Tesla-dropcopy-768x664.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

40d078a3bd4049362979948fe0a6302a38612e720b30c41e871bbf0aa7f4144c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 30 Apr 2022 19:36:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "36cfe1a48e7005993741aa25139a41d8"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=MISS, edge; dur=6, origin; dur=653
accept-ranges: bytes
content-length: 152547
x-amz-cf-id: 7cRLHqYZi1SdJYiee73NR8zuDE_qec3wlrTvgf-Px7-8_ZFEaoVwpw==
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 102 KB
27 KB 37ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

510d71bfae8484c59b9b3bd6064b3edd0348bb79b3b448bc1093bc7a73265b6a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27029
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: K1aXqJ/MzHZf+Ep3UGAlIqaBP5iDnzO08KgxzsYk2+SrQRjVu1WjtnaQYNFroKiD0ci0pPid0mToIhlP6uTRBw==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 65ms
11ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=40123
accept-ranges: bytes
content-length: 3063

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 390ms
12ms Script
application/javascript 199.232.188.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 15:04:19 GMT
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15317
x-served-by: cache-iad-kjyo7100153-IAD, cache-muc13931-MUC

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 141ms
49ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

44f327eeeb995eabd2810452b355ca82979280a4d7def1bd980d3897e6999af6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16840
x-xss-protection: 0
server: cafe
etag: 11313833467736987248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H3 200 core.e18d3993.js Show response
static.addtoany.com/menu/modules/ 70 KB
25 KB 50ms
31ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.e18d3993.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36925e7859abeeb8681d694d702e00b1fbba6f37ac49b11e8f863ed24507ca6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1215571
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 03 Sep 2022 00:56:46 GMT
server: cloudflare
etag: W/"11891-5e7bb52267bff"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 75c66a74acff9b80-FRA

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 10 KB
3 KB 442ms
335ms XHR
application/json 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC&d=www.mcafee.com&t=5553833&v=1.737.0&sl=0&si=dcdf8c95-5832-4e50-bf9b-6d6a0b0c4ebc-rjzdl2&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=250743
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9a22232280af7265cb2aee7e85c435aa32d2138aa617bcfb06a6d40e91721a2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:27:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2342

GET
H3 200 448732493334171 Show response
connect.facebook.net/signals/config/ 288 KB
83 KB 171ms
160ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/448732493334171?v=2.9.86&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed159ef40aa4d0deb0b7dda38006a88e4982f8064d2dc9ee9d80696bab91d342

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: LEpLOHKbpYDzu3/9enuQ83+hcjTPGyJGN0D9nDXlbKNM8LrxPgJAoITYxZK9I3NS5csDcHbl1AongJcq7CI8RQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1666150024521%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&liSy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&liS...

0
264 B

220ms
183ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&liSync=true&e_ipv6=AQLjayWCi02FPgAAAYPuR8lZvqb3TUhBDWBhkliG6iWl1726LKV8kMlNwNJFolvb3cG57Ced
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1E0EC1FDE6EA44F49547DA7658372B5A Ref B: FRAEDGE1415 Ref C: 2022-10-19T03:27:05Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXrWshtx3AUsbUL/Bao/w==

Redirect headers

date: Wed, 19 Oct 2022 03:27:05 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 4F9833BF855C4061825F33C9CECC931D Ref B: FRAEDGE1512 Ref C: 2022-10-19T03:27:05Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1666150024521&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&liSync=true&e_ipv6=AQLjayWCi02FPgAAAYPuR8lZvqb3TUhBDWBhkliG6iWl1726LKV8kMlNwNJFolvb3cG57Ced
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXrWshqJHZuNLYi59rW3Q==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/ 2 KB
2 KB 138ms
52ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/?random=1666150024568&cv=9&fst=1666150024568&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a88d86b1ebd759dc2c34264420b348dc6cff3473b02a2040b38284618b4d262a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1071
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 526 B
1 KB 143ms
33ms XHR
application/json 34.255.95.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=A729776A5245B1590A490D44%40AdobeOrg&d_nsid=0&ts=1666150024592

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.255.95.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-95-163.eu-west-1.compute.amazonaws.com

Software

Resource Hash

6b730b9d1d62602579fb03b423a2c9efecbadb91d60775f4af128292a7a41cbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v044-02f73253e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: WNDHaYOFSV4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.mcafee.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 362
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 33 KB
12 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12161
expires: Wed, 19 Oct 2022 04:27:04 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 3 KB
2 KB 9ms
8ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1607
expires: Wed, 19 Oct 2022 04:27:04 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 25 KB
9 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "7324535d27629ca693bad7fd0da315ea:1591133412.560246"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8764
expires: Wed, 19 Oct 2022 04:27:04 GMT

GET
H/1.1 204
No Content / Show response
api2932.d41.co/sync/ 0
506 B 544ms
100ms Script
text/plain 35.153.151.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/sync/

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.153.151.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-153-151-203.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Oct 2022 03:27:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
access-control-allow-origin: https://www.mcafee.com
Cache-control: no-store
access-control-allow-credentials: true
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 74 KB
75 KB 109ms
53ms Script
application/javascript 65.9.95.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-70.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 19 Oct 2022 03:27:04 GMT
Via: 1.1 6fc3cae9692b6db972e4990be9921fae.cloudfront.net (CloudFront)
Last-Modified: Thu, 18 Nov 2021 14:57:32 GMT
Server: AmazonS3
X-Amz-Cf-Pop: PRG50-C1
Age: 58
ETag: "c5b0d60b7c887bcae6d8897835a15d14"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76079
X-Amz-Cf-Id: VhYnAaR64Ix3w9fHsr9_nFqR8-ENMRA6WNhikivyG6To-YPJaDKmEA==

GET
H3 200 187610925152304 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 65ms
65ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/187610925152304?v=2.9.86&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bbbc873bceaef4571c9485cd6e40fcdf66104bbfce1684f325c37df8d7d37818

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Z4rMKBuKrfm+HpihY0YerrExQz1ASt9dHizli8sbYnTxFWH2z9FPDUPEJbIu/0dSMveUTlDwc1BSSYz4pebKKw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 35ms
9ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=448732493334171&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&rl=&if=false&ts=1666150024696&sw=1600&sh=1200&v=2.9.86&r=stable&ec=0&o=30&it=1666150024491&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/975085349/ 42 B
548 B 136ms
51ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975085349/?random=1666150024568&cv=9&fst=1666148400000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=2369855120&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975085349/ 42 B
548 B 137ms
49ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975085349/?random=1666150024568&cv=9&fst=1666148400000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=2369855120&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
mcafeeinc.demdex.net/ Frame 5A56 7 KB
3 KB 151ms
33ms Document
text/html 52.212.92.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcafeeinc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.212.92.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-92-153.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v044-0d06541aa.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: iA4Z5/asRnE=
content-encoding: gzip
date: Wed, 19 Oct 2022 03:27:04 GMT
last-modified: Thu, 29 Sep 2022 16:18:55 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
smetrics.mcafee.com/ 48 B
457 B 69ms
18ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&mid=71133811180220312794365676453993766354&ts=1666150024745

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

e706b2c1b4029a10d2d0d4f12004e47595ce518b865979a9998b900ebc9ea7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://www.mcafee.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y09uiAAAAFprXAN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=76050290962773638584010539314410030831
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y09uiAAAAFprXAN-

42 B
942 B

33ms
33ms

Image
image/gif

34.255.95.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y09uiAAAAFprXAN-

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

HTTP/1.1

Server

34.255.95.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-95-163.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v044-0b6db8e1c.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: FlB7MuEZRwA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y09uiAAAAFprXAN-
Date: Wed, 19 Oct 2022 03:27:04 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK api Show response
api2932.d41.co/ 55 B
605 B 281ms
102ms Fetch
application/json 35.153.151.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/api?req=api2932&form=json

Requested by

Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.153.151.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-153-151-203.compute-1.amazonaws.com

Software

Resource Hash

24937d7140dbec8f50327bcb6e1cd2c815ddb0b4831ab59b8253ea6838aa8a5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Oct 2022 03:27:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
access-control-allow-origin: https://www.mcafee.com
Cache-control: no-store
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 55
X-XSS-Protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 141ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

113380529a42db1c7ffcaa2bdb89cd13b93449a3092cabd13f87b4c06cef0330

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66011
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 156ms
57ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1666150024795&cv=9&fst=1666150024568&num=2&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfc26a106ce03cbb576da11779f33961b936fe586f2954b7f1b5b9240d2f3789

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1076
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 96ms
40ms Script
text/javascript 2606:4700:4400::ac40:91d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 197
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
server-timing: cf-q-config;dur=4.9999998736894e-06
cf-ray: 75c66a775b2892a5-FRA
expires: Wed, 19 Oct 2022 03:33:47 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 248 KB
50 KB 69ms
14ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2081f2547859809e552bfee4e0d58c38a82cde9ba35679af7f2de9752e035656

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 18 Oct 2022 14:28:06 GMT
server: AkamaiNetStorage
etag: "4767fb03c03703092e068ee91e7a6d41:1666103286.179543"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Wed, 19 Oct 2022 03:32:04 GMT

GET
H3 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 29ms
19ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.e18d3993.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2953182
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 75c66a7718ea9b2b-FRA

GET
H3 200 sm.23.html Show response
static.addtoany.com/menu/ Frame 550F 741 B
655 B 43ms
36ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 533980
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 75c66a7718eb9b2b-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 03:27:04 GMT
etag: W/"2e5-5cc9e128a4c38"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e1s
x-content-type-options: nosniff

GET
H3 200 766537420057144 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 76ms
76ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/766537420057144?v=2.9.86&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f4962081bda13b0e132399dd4a72278da7c075e582a95c0bf7ff40aea0286aee

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 7L5J8Blmh8kZ9IgbV/qs+WblqppSpHGy1zfAXyjQ9iNpYrz+Z52vVmO43FJqksqXPzqLFBuVXNMK4jIvoQMLZg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
17 B 21ms
9ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=187610925152304&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&rl=&if=false&ts=1666150024819&sw=1600&sh=1200&v=2.9.86&r=stable&ec=0&o=30&fbp=fb.1.1666150024818.358181807&it=1666150024491&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 300x200_maskingIP.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 81 KB
82 KB 12ms
12ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_maskingIP.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

569c26cc949ef91113628499320d3094b117bf29e3ce614fc3cf6d7d84fe4194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 82895
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 15:09:10 GMT
server: Apache
etag: "c3ad9e30865840d001f863e7b61e81b3"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: yF8CA5RhVMbnH5pjcmFsgIGxnFAtm_ZF0Ht8hk9AVGv5CZrAbpaUhg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_phonenotifications.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 71 KB
71 KB 38ms
37ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_Blog_phonenotifications.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

18a0ca8e6cf3c31eb83227d48f89f8165141be974f61a06b5856ef999ff2eb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 05 May 2022 13:32:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "579c3418512929b2c70d1b2fd025039a"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=14, origin; dur=7
accept-ranges: bytes
content-length: 72380
x-amz-cf-id: -hd7y0uYAiBVk5QpbK0OD88jc43YHzX8mH3huJ3mv5mFA5WTSIXW-Q==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_scamparty.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 72 KB
73 KB 21ms
21ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_scamparty.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

457f5c0fdf15b82708a47c22c4928cd465012450d2c262297ab8fec142c34e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 73608
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Apr 2022 14:08:08 GMT
server: Apache
etag: "5fa16d52a98b0d00e72346e19f98cb8a"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: GoGH5-94nBys9GHnzWVetfLK_sQrnTnHGWNJOxUMjV392G597nDg9g==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_ukrainescam.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/04/ 69 KB
70 KB 47ms
47ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/04/300x200_Blog_ukrainescam.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

3384758485dbe9ada2cf47807be1f0513945d9d4bacd7f9406ac79abfc49dee1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 05 May 2022 13:12:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "b84e990c79334f9935dcb2f204a17029"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=15, origin; dur=4
accept-ranges: bytes
content-length: 70661
x-amz-cf-id: ZNlhWw-LXUjOw2dzIPuwEOJ5em09dq_bwWqYk3-i2JP_HmrUFqLtnA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_malliciouscookingstuffing-1-300x203.png
www.mcafee.com/blogs/wp-content/uploads/2022/08/ 81 KB
82 KB 30ms
29ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/08/300x200_Blog_malliciouscookingstuffing-1-300x203.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0d66fa6c68f151d974336b6ba4fbc234568f3c3fd9e17f23310f78ff9d983bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29 Aug 2022 21:38:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "87e5c6ed3b2d97d455f7f4d90558503d"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 83321
x-amz-cf-id: EWDpgoyqfa2NMvNmxunMj4UcNKXi54O6t_hCs7u7-QftSAbiGav9yg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 Cloud-300x162.jpeg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 13 KB
13 KB 78ms
76ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/11/Cloud-300x162.jpeg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

7e601e5cd42b0c811b65bf97b2a9fecc45bd90886ce4aa1fb15f0cf4de2c9fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 27 Apr 2022 18:04:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "fd8e38d8247fc8474d606ee43905ccf2"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=13, origin; dur=16
accept-ranges: bytes
content-length: 13190
x-amz-cf-id: 1hwUb6RN7xzK5KSdarNYCXiNzWU69kT_vcZdRSw2ZL3k_nC76WzyEQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_googleplay.png
www.mcafee.com/blogs/wp-content/uploads/2022/07/ 67 KB
67 KB 43ms
42ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/07/300x200_Blog_googleplay.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a982c540f8f384f11cce36732cc23b9f3e9bf9dbee0c854c663f99b27f035969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 29 Jul 2022 03:16:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "1d806467d4b5264c01768f3ef22ecafa"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 68211
x-amz-cf-id: TJRd56RzpBhi7XHcKXuSvN_e0MZFY9V366z2Kfqx-neafkoJqpVihA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_LNK-Malware.png
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 92 KB
92 KB 57ms
56ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_LNK-Malware.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c64a0dd00d685de6eb7d2053110e20e2515ec436f262e5d36896a03b390f917a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 21 Jun 2022 18:47:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "269b6c55466cf51072f191ac2be74169"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 93753
x-amz-cf-id: CMdUfhih6rBxKDmqsFn7ZWVUqk3IBfOiuzjxZg7fujZ-UDk9gFzYHA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_tiktok-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 78 KB
79 KB 70ms
69ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_tiktok-1.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

874167e9a8246e870b7c7bbc08c771595959ba9e721240c33d19bb383d4e29a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 09 Jun 2022 18:44:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "c43c0deb31352d26402c87137f472e14"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 80268
x-amz-cf-id: 84fQkbRLEj7-KDBRa7tEkhU9nQEoIHYWPMMY42CSybXR4Bu8U1Fsqg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_childphones-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/06/ 71 KB
72 KB 72ms
71ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/06/300x200_Blog_childphones-1.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

6d82164a8b75a7961fd54f46b2b985fd3bf0f16994631f025ef704eaef35f509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 09 Jun 2022 18:55:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "a4dc9fcd6611c8cd1a73df4e5271235a"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 72723
x-amz-cf-id: lPE-BbRdCIqdftotWEtQDx3GbN8aj4rJz8-n6YFzzIQAl1UO_fxCNg==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_MFE_Blogs_051722_Blog-1.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/05/ 65 KB
66 KB 77ms
76ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/05/300x200_Blog_MFE_Blogs_051722_Blog-1.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

b69751883be604d7108841f66360e02134764e137438b491d830d2345149219f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 19 May 2022 04:29:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "386d66c33c0b8d8d4473988a9914bc58"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 66724
x-amz-cf-id: dXFm77V6NrY2ixPX-rfSKyFc-Mgh1X_QJCTwj9-qYgRFijrOGkLI8Q==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 300x200_Blog_backupday.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 68 KB
69 KB 96ms
95ms Image
image/jpeg 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_backupday.jpg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

bbc8f5b6465f291e62990af3187eb69b20b9924a0d5a078a4d5b01201c343702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 05 May 2022 13:35:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "de50fb4e804d4612d015af8b16be168f"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=10, origin; dur=6
accept-ranges: bytes
content-length: 69811
x-amz-cf-id: BVqK8ZKosGINTLsYIZ5HEvk7vpBF3MljZY0Sxi-n1dr6gG8L2bqubQ==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 slider-right-arrow.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 79ms
78ms Image
image/png 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/slider-right-arrow.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

fa251403ac153674157ed78351b757b362f9e0be8f6c5d595962b9033e488d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.6.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: FRA56-C2
etag: "569-5e4368f2cd440"
content-type: image/png
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=7, origin; dur=3
accept-ranges: bytes
content-length: 1385
x-amz-cf-id: GQ1W3ln4rqeZacllfsd8wMsU2TXxFahae6uAovhTZMQeBL02JX-oeA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 globe-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
893 B 63ms
63ms Image
image/svg+xml 104.70.95.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.70.95.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-70-95-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Jul 2022 06:17:45 GMT
x-amz-cf-pop: DFW56-P2
etag: W/"43f-5e4368f2cd440"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 550
x-amz-cf-id: Y6m8I8x2_q2tjorZPRqS4soRUr6rYK4swcUlwdcKBN2eFYtr7WwzUA==
expires: Wed, 19 Oct 2022 03:27:04 GMT

GET
H2 200 adsct
t.co/i/ 43 B
377 B 147ms
115ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=6a0a58a0-c9b8-432b-8fe7-74f495169ff1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=da2dd67d-6230-4dca-82b5-8e3c1e47c349&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-response-time: 108
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 6ac44df8861a43e7
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: bb537b8ed7c8dd5b86dc285c64dae1713d31899115a758664f70dd47c2e83638
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 310ms
108ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=6a0a58a0-c9b8-432b-8fe7-74f495169ff1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=da2dd67d-6230-4dca-82b5-8e3c1e47c349&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-response-time: 101
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 238902950a2f2cdc
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: a2514eb061b59e7403bfff1780f2309481e9927e66ffbd007233aff1d874a05d
content-length: 43

GET
H2 200 utag.currency.js Show response
tags.tiqcdn.com/utag/tiqapp/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.currency.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 198df55e0af22cc49d7b2a5efcdae25b8325ba9a6bd33816786c5dc3f5dccb11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 18 Oct 2022 01:00:59 GMT
server: AkamaiNetStorage
etag: "403e27c2721d3ed5f32828aa1f42aaa9:1666054859.576711"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1802
expires: Thu, 03 Nov 2022 03:27:04 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
324 B 406ms
96ms Image
image/gif 206.19.49.24
ATT-CERFNET-BLOCK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1259816&version=2.1.1&ref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&r=1666150024984
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:27:05 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=56
Content-Length: 43

GET
H2 200 utag.276.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 34 KB
5 KB 14ms
11ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.276.js?utv=ut4.39.202207280846
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 03cb83fe07a916614f3ce8b33a1727c9b0ae141e1fefbcdc33cd322703e21c84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 06:17:59 GMT
server: AkamaiNetStorage
etag: "af10e0d0150e68ed8f36117e4d6337d0:1658297879.286928"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5275
expires: Thu, 03 Nov 2022 03:27:04 GMT

GET
H2 200 utag.331.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 6 KB
2 KB 13ms
10ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.331.js?utv=ut4.39.202206151424
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 08:45:24 GMT
server: AkamaiNetStorage
etag: "59b591af9c74eed7eeee7eb9933434aa:1640076324.779275"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2298
expires: Thu, 03 Nov 2022 03:27:04 GMT

GET
H2 200 utag.356.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 106 KB
27 KB 20ms
16ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.356.js?utv=ut4.39.202210181427
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ff6c3f19010b840707e337b100fda4d354564596a26dc4f132c3d3e5da33b726

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Tue, 11 Oct 2022 11:29:51 GMT
server: AkamaiNetStorage
etag: "2eb8518b99f9f95a1b1c08bbba0f0d36:1665487790.860604"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 27166
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.444.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 19 KB
6 KB 16ms
13ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.444.js?utv=ut4.39.202204270556
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 09:32:59 GMT
server: AkamaiNetStorage
etag: "b2cb1df33dd6b8a4f10369db69c7e7dd:1632130379.813891"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 6343
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.476.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 15ms
12ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.476.js?utv=ut4.39.202006041316
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 10:34:56 GMT
server: AkamaiNetStorage
etag: "6b2903b10789da4d6134a59bb1fc8a49:1572518096.337345"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2366
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.515.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 15ms
12ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Thu, 23 Jul 2020 12:04:49 GMT
server: AkamaiNetStorage
etag: "7365d951d30f1fa9668d0437fedeb4e3:1595505889.289423"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1048
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.518.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 4 KB
2 KB 17ms
14ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.518.js?utv=ut4.39.202209131210
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c89216f71c61ef90798e0ca2055716b1ca1b22cbb30b2e8984050ae06acc778

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 12:45:08 GMT
server: AkamaiNetStorage
etag: "7cc04aa651cce060d80e6babeafad2bf:1654778708.036164"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2120
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.521.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 17ms
15ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Wed, 15 Jul 2020 10:59:20 GMT
server: AkamaiNetStorage
etag: "c09f093e0e4ce83103416febd13a6294:1594810760.535353"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3237
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.523.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 18ms
16ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.523.js?utv=ut4.39.202201051242
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Thu, 27 Aug 2020 12:46:09 GMT
server: AkamaiNetStorage
etag: "fb30f56886da031845524ee15f427821:1598532369.53687"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1163
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.531.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 21ms
19ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.531.js?utv=ut4.39.202202081111
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Tue, 01 Dec 2020 04:25:45 GMT
server: AkamaiNetStorage
etag: "3a9ced3787ddb191062f19331c8d30bd:1606796745.86938"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3239
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.537.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 3 KB
2 KB 22ms
20ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.537.js?utv=ut4.39.202012161058
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Wed, 14 Oct 2020 13:17:10 GMT
server: AkamaiNetStorage
etag: "8b5d313be7f848419f47125d0c6664fd:1602681430.396878"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1538
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H2 200 utag.585.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 4 KB
2 KB 22ms
20ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.585.js?utv=ut4.39.202210181427
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a62c9c49e1cdd2d4cd67021c291b34b1df60b2a5e4f339fb96280b4f450054e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Tue, 11 Oct 2022 11:29:50 GMT
server: AkamaiNetStorage
etag: "54a1e3346a37c852e92bdfc3c5e82da4:1665487790.330363"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1368
expires: Thu, 03 Nov 2022 03:27:05 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 8ms
8ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=766537420057144&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&rl=&if=false&ts=1666150024998&sw=1600&sh=1200&v=2.9.86&r=stable&ec=0&o=30&fbp=fb.1.1666150024818.358181807&it=1666150024491&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 19 Oct 2022 03:27:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame 5A56 0
98 B 120ms
38ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=76050290962773638584010539314410030831
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mcafeeinc.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 126ms
49ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1666150024795&cv=9&fst=1666148400000&num=2&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=1571398550&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 126ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1666150024795&cv=9&fst=1666148400000&num=2&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&fmt=3&is_vtc=1&random=1571398550&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 108 KB
42 KB 194ms
112ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

69cfbc38bb7a30b5973188b36de5afac71d747d10d3a4556a1b32d810027b3f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43051
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 107 KB
42 KB 180ms
98ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5471927&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4605acd00c25cb5627e418ac37d50a42daf2806d6a8758fa81e12361e5e9da63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43045
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 133 KB
51 KB 201ms
121ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

692cdc9be3762655ec80e29c7eadd14f2202e2cc3b63771943eab95e2e98aad6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52327
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
15 KB 122ms
55ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15192
x-xss-protection: 0
server: cafe
etag: 699633608045481581
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 415ms
102ms Script
text/javascript 54.227.198.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.227.198.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-198-216.compute-1.amazonaws.com
Software: /
Resource Hash: e40d530457890331f6f1e49d3f4df07aa958f808c665295355d359bb80a80bb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Oct 2022 03:27:05 GMT
Cache-Control: max-age=5
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 5407
Content-Type: text/javascript

GET
H2 200 adsct
t.co/i/ 43 B
203 B 121ms
121ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=2793da5a-c800-4e97-a783-4221056fa274&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=da2dd67d-6230-4dca-82b5-8e3c1e47c349&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-response-time: 110
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 3a24a5071c917508
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: bb537b8ed7c8dd5b86dc285c64dae1713d31899115a758664f70dd47c2e83638
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
216 B 179ms
111ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2793da5a-c800-4e97-a783-4221056fa274&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=da2dd67d-6230-4dca-82b5-8e3c1e47c349&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlgc&type=javascript&version=2.3.27

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-response-time: 104
date: Wed, 19 Oct 2022 03:27:04 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: f2168db11488e39a
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: a2514eb061b59e7403bfff1780f2309481e9927e66ffbd007233aff1d874a05d
content-length: 43

POST
H/1.1 201
Created messages Show response
cu1pehnsweb01.servicebus.windows.net/webp32h01/ 0
309 B 505ms
131ms XHR
application/xml 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
type: entry
Authorization: SharedAccessSignature sr=http%3a%2f%2fcu1pehnsweb01.servicebus.windows.net%2fwebp32h01&sig=egeBP80h1RMGKxIU3lvC2c7N8fqicJTBSJTk9weZQwA%3d&se=2188580224&skn=webp32h01send
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.mcafee.com
Strict-Transport-Security: max-age=31536000
Date: Wed, 19 Oct 2022 03:27:05 GMT
Access-Control-Allow-Credentials: true
Server: Microsoft-HTTPAPI/2.0
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8

OPTIONS
H/1.1 200
OK messages
cu1pehnsweb01.servicebus.windows.net/webp32h01/ Frame 0
0 575ms
135ms Preflight 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,type
Access-Control-Request-Method: POST
Origin: https://www.mcafee.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,content-type,type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Max-Age: 3600
Content-Length: 0
Date: Wed, 19 Oct 2022 03:27:05 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 117 KB
46 KB 119ms
56ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7f889b82f5b2e7af8fca5e0566f40f1d739ce5800ddf76b5a8e6bd57b32ff683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47344
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 117 KB
46 KB 146ms
84ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5ff486b59e0f29b1e547e9534deb1673f2218feb9e925d4f35371a5a23f1cd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47344
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H3 200 577185772377767 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 231ms
231ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/577185772377767?v=2.9.86&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

178fc67d6359b2194335ab06ed01a8fc7b8c9474d538e9cf9ce4a7b34fd0feb4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 19 Oct 2022 03:27:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: RtEz63uyGa/qa8vzL+ZHFypbCETnW6uwl05aw3Ct9uKHiWZtkoKjqb3LFDP99OdBXTiN9QhizOGCwopnJvwgZA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 star.gif
jelly.mdhv.io/v1/ 43 B
235 B 723ms
659ms Image
image/gif 216.239.36.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jelly.mdhv.io/v1/star.gif?pid=Fm4ZsumnWdLJITEAOIqxG583lBzi&src=mh&evt=hi&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&_rnd=0.9650648553020085
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.36.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: any-in-2415.1e100.net
Software: Google Frontend /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
server: Google Frontend
content-type: image/gif
x-cloud-trace-context: 3fa1c037b26481277384412ee7ff5731
cache-control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0
content-length: 43
expires: -1

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 190 KB
68 KB 116ms
56ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24d0f07cd53b7aa874aa0b15b32dac373b5ad237c477d9787dd8c784e2e6c6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69660
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 26 KB
10 KB 69ms
8ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e7aaa31aec9d6a9f88c0af5d361aff3e7828ace0fb0c55ab35922025e12700b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
etag: "cbFpuah7ilcpMTJLYeCgng=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Wed, 26 Oct 2022 03:27:05 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 16 KB
6 KB 85ms
26ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:04 GMT
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
content-encoding: gzip
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
x-amz-request-id: ZERVZFE8BXNYEACQ
age: 2
x-amz-server-side-encryption: AES256
x-amz-id-2: Ad3AGnEKqaveSsdvnw0pRZUNh+zOO49I0wOOUvNWIAiOBfxkWWlD0wS1oV1jXxLOkpT1xkdrrJk=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
server: ATS
etag: "6a624022b5d271dcefb070b0b6670abc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=3600
accept-ranges: bytes

GET
H2 200 1eb8bd09b246.js Show response
w.usabilla.com/ Frame 0853 245 KB
26 KB 116ms
31ms Script
text/javascript 52.215.83.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.83.17 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-83-17.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d35375ddafcfcbfd86e19aa65db30cc03f22e71d165953096bf365ffaf53838a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "b2b55e1f670d445210c17c6c2da5ab39"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 26676

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
216 B 8ms
7ms Script
application/x-javascript 23.35.236.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mcafee/consumer-main/202210181427&cb=1666150025065
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 19 Oct 2022 03:27:05 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Wed, 19 Oct 2022 03:37:05 GMT

GET
H2 200 s38596269306460
smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/ 43 B
329 B 23ms
22ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/s38596269306460?AQB=1&ndh=1&pf=1&t=19%2F9%2F2022%203%3A27%3A5%203%200&sdid=6309AF1C9A454DED-1E5413247A602AB6&mid=71133811180220312794365676453993766354&aamlh=6&ce=UTF-8&ns=mcafeeconsumer&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&events=event120%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cnew-teslacrypt-ransomware-arrives-via-spam&v1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cnew-teslacrypt-ransomware-arrives-via-spam&c5=%5Bconsumer%3Aweb%5Dother-blogs&v5=%5Bconsumer%3Aweb%5Dother-blogs&c6=%5Bconsumer%3Aweb%5Dmcafee-labs&v6=%5Bconsumer%3Aweb%5Dmcafee-labs&c7=Page%20Name-%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cnew-teslacrypt-ransomware-arrives-via-spam&c8=www.mcafee.com&v8=new&c9=en-us&v9=en-us&v13=%3A&v14=direct&c15=consumer&v15=consumer&v20=na&v21=united%20states&v23=8%3A00PM&v24=Tuesday&c26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&v26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&c33=web&v33=web&v116=new-teslacrypt-ransomware-arrives-via-spam&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 20 Oct 2022 03:27:05 GMT
server: jag
etag: 3578029934580695040-4619843387715192461
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 18 Oct 2022 03:27:05 GMT

GET
H2 200 rules-p-hvA1U3-AR_BCf.js Show response
rules.quantcount.com/ 3 KB
2 KB 36ms
9ms Script
application/javascript 2600:9000:2057:ca00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-hvA1U3-AR_BCf.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:ca00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 906929fcaca893402966281fdfa7dc7c5260487f461689ce3f07e1da9a7821ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:03:00 GMT
content-encoding: gzip
via: 1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 1528
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 13 Oct 2022 22:16:46 GMT
server: AmazonS3
etag: W/"e70c9acd05513ed700928617d5aeda7e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: Tle45h65W8LAZC9YvMONQ3oOvYzoE-LkNL-zNPOKormx5ge-VP1gYg==

GET
H2 200 pixel;r=525511888;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F;uht=2;fpan=1;fpa=P0-16399310...
pixel.quantserve.com/ 35 B
372 B 36ms
10ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=525511888;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F;uht=2;fpan=1;fpa=P0-1639931028-1666150025115;pbc=;ns=0;ce=1;qjs=1;qv=7a1cba14-20221011131736;cm=;gdpr=0;ref=;d=mcafee.com;dst=0;et=1666150025114;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog%2Cdescription.During%20the%20last%20couple%20of%20weeks%252C%20McAfee%20Labs%20has%20observed%20a%20huge%20increase%20in%20spa%2Curl.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-a%2Csite_name.McAfee%20Blog%2Cimage.https%3A%2F%2Fsecuringtomorrow%252Emcafee%252Ecom%2Fwp-content%2Fuploads%2FDec2015Tesla-zip-attached;ses=7a979792-225a-497b-aa3f-16f425fa3b86

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 10180750.json Show response
s.yimg.com/wi/config/ 2 B
450 B 62ms
22ms XHR
application/json 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10180750.json

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:26:11 GMT
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
x-amz-request-id: 9G67DMQR0NQ3YSFA
age: 54
content-length: 2
x-amz-id-2: XWjM9lbCZV9NNiQs07+v1cAz+ux7WURENFJFlII37sdsKdCOUSYawUeKGD8zkRWG4/sU2x1VGJY=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: public,max-age=3600

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1666150025166&cv=9&fst=1666150025166&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dnew-teslacrypt-ransomware-arrives-via-spam%3Bcontent_group5%3D%3Bauthor%3DMcAfee%3BpubDate%3DJan%2005%5C%2C%202016%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05f3a8114c258832588d613f1c27294994ab595d6fd7c3c66a3f3e4b5c08b347

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1208
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
633 B 122ms
38ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=1000&d=Wed%2C%2019%20Oct%202022%2003%3A27%3A05%20GMT&n=0&b=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&.yp=10180750&f=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&enc=UTF-8&yv=1.13.0&et=custom&tagmgr=tealium%2Cgtm%2Cadobe

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Wed, 19 Oct 2022 03:27:05 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 56ms
56ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1666150025166&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dnew-teslacrypt-ransomware-arrives-via-spam%3Bcontent_group5%3D%3Bauthor%3DMcAfee%3BpubDate%3DJan%2005%5C%2C%202016%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1749841148&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1666150025166&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dnew-teslacrypt-ransomware-arrives-via-spam%3Bcontent_group5%3D%3Bauthor%3DMcAfee%3BpubDate%3DJan%2005%5C%2C%202016%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=1749841148&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/ 2 KB
1 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/?random=1666150025299&cv=9&fst=1666150025299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b798b54d656030b62b8458c55a03b732bbb998f302e9a22765da4490e77f5c49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1102
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=5471927;type=;cat=;gtm=2odah0;auiddc=2099110391.1666150025;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware...
https://ad.doubleclick.net/activity;dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=2099110391.1666150025;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafe...
https://adservice.google.com/ddm/fls/z/dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-tesl...

42 B
494 B

171ms
73ms

Image
image/gif

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CL68osOs6_oCFT1FHgIdi6kCtQ;src=5471927;type=;cat=;gtm=2odah0;auiddc=*;~oref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 127ms
38ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 03:15:57 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 668
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 19 Oct 2022 05:15:57 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 8ms
8ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&rl=&if=false&ts=1666150025341&sw=1600&sh=1200&v=2.9.86&r=stable&ec=0&o=30&fbp=fb.1.1666150024818.358181807&it=1666150024491&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 19 Oct 2022 03:27:05 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 8ms
8ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&rl=&if=false&ts=1666150025341&cd[content_type]=product&sw=1600&sh=1200&v=2.9.86&r=stable&ec=1&o=30&fbp=fb.1.1666150024818.358181807&it=1666150024491&coo=false&tm=1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 19 Oct 2022 03:27:05 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1666150025378&cv=11&fst=1666150025378&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcc0d9a4a6a778a99a4ed393dd5276635f9055e788993b04ab4c51a7d981f728

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1031
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1666150025388&cv=11&fst=1666150025388&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aff7c51e4aa5b650f0c761dfe726fef1172196873f21e80a7d19c8844296ee6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1029
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/ 3 KB
1 KB 60ms
57ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/?random=1666150025405&cv=9&fst=1666150025405&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dnew-teslacrypt-ransomware-arrives-via-spam%3Bcontent_group5%3D%3Bauthor%3DMcAfee%3BpubDate%3DJan%2005%5C%2C%202016%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca1c00cd45f96f4d0d08b8a4446e533ba2e2679a7c02bcd236dbd574a6993f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1210
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1666150025408&cv=9&fst=1666150025408&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8171233aa4322a6ab896d8e461d044bf3cb58e2912af103b3d83fc5446ec53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1104
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1666150025409&cv=9&fst=1666150025409&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

937256285819dbf55cb907b317a3fc5e21c3a5033b723b4a670bc437c1da7de0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1104
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 5CCF 0
15 B 9ms
9ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 03:27:05 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1666150025421&cv=11&fst=1666150025421&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&data=event%3Dform_submit&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ff46d3a83b26ebcd4426e6ef1bc2045fdfc5b9da72e61f7c3f9332256eca0ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1029
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 7B4E 0
15 B 8ms
7ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 03:27:05 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 s38921385416439 Show response
smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/ 491 B
740 B 44ms
43ms Script
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/s38921385416439?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=19%2F9%2F2022%203%3A27%3A5%203%200&d.&nsid=0&jsonv=1&.d&sdid=6309AF1C9A454DED-1E5413247A602AB6&mid=71133811180220312794365676453993766354&aamlh=6&ce=UTF-8&pageName=other-blogs%3Amcafee-labs%3Anew-teslacrypt-ransomware-arrives-via-spam&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&cc=USD&ch=other-blogs&server=www.mcafee.com&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3DpageName&v1=D%3DpageName&c5=D%3Dv5&v5=other-blogs&c6=D%3Dv6&v6=mcafee-labs&c8=D%3Dv153&c16=McAfee&c26=D%3Dg&v26=D%3Dg&c51=%7C&c52=Jan%2005%2C%202016&c56=D%3Dv159&c57=D%3Dv160&c58=D%3Dv161&c59=D%3Dv180&c60=New&c62=D%3Dr&c75=D%3Dv190&v98=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F106.0.5249.119%20Safari%2F537.36&v100=2.20.0&v153=www.mcafee.com&v154=us&v155=english&v166=%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C403%7C&v180=year%3D2022%20%7C%20month%3DOctober%20%7C%20date%3D18%20%7C%20day%3DTuesday%20%7C%20time%3D8%3A27%20PM&v181=New&v184=D%3Dmid&v185=Direct%2FBookmarked&v187=na&v188=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&v190=new-teslacrypt-ransomware-arrives-via-spam&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

f5f77830582c3d8363ad6baad3151c9b14e33bd94602542c31123d38d0dd16e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-aam-tid: MMBWYaadRBo=
date: Wed, 19 Oct 2022 03:27:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 491
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v044-0c2abce33.edge-irl1.demdex.com 4 ms
pragma: no-cache
last-modified: Thu, 20 Oct 2022 03:27:05 GMT
server: jag
etag: 3578029934934523904-4619898813194203684
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 18 Oct 2022 03:27:05 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/614089511/ 42 B
64 B 50ms
49ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/614089511/?random=1666150025299&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3950022443&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/614089511/ 42 B
64 B 54ms
49ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/614089511/?random=1666150025299&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3950022443&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 106ms
105ms Stylesheet
text/css 54.227.198.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.227.198.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-198-216.compute-1.amazonaws.com
Software: /
Resource Hash: 53d356b45cf6078203c81769bfc737d350208d58b10ce17ea8e3c55f6b68fad8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Oct 2022 03:27:05 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 414ms
102ms Fetch
image/jpeg 54.227.198.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.227.198.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-198-216.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Oct 2022 03:27:05 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 60ms
58ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1666150025378&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1910058852&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 62ms
57ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1666150025378&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1910058852&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 60ms
56ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1666150025388&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3958830543&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 61ms
57ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1666150025388&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dpage_view&fmt=3&is_vtc=1&random=3958830543&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 130ms
45ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=827913604&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&ul=en-us&de=UTF-8&dt=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBACUABBAAAACAAI~&jid=1352251222&gjid=1870110237&cid=838636883.1666150025&tid=UA-35949610-14&_gid=1117074210.1666150025&_r=1&gtm=2ouah0&cd1=na&cd2=us&cd3=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&cd9=&cd10=new-teslacrypt-ransomware-arrives-via-spam&cd13=&cd16=McAfee&cd17=Jan%2005%2C%202016&cg1=blogs&cg2=other-blogs&cg3=mcafee-labs&cg4=new-teslacrypt-ransomware-arrives-via-spam&cg5=&z=701805558

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 51ms
51ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1666150025408&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2800109341&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 55ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1666150025408&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2800109341&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/597407903/ 42 B
64 B 55ms
50ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/597407903/?random=1666150025405&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dnew-teslacrypt-ransomware-arrives-via-spam%3Bcontent_group5%3D%3Bauthor%3DMcAfee%3BpubDate%3DJan%2005%5C%2C%202016%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3480496107&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/597407903/ 42 B
64 B 60ms
54ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/597407903/?random=1666150025405&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dnew-teslacrypt-ransomware-arrives-via-spam%3Bcontent_group5%3D%3Bauthor%3DMcAfee%3BpubDate%3DJan%2005%5C%2C%202016%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=3480496107&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 60ms
55ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1666150025409&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2294839033&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 61ms
56ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1666150025409&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=2294839033&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1666150025520&cv=9&fst=1666150025520&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d016d4afbe8f4e956b6c7f1e8efcb43a914885176cad4875c4f3857e137f7bcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1104
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 75ms
65ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1666150025525&cv=11&fst=1666150025525&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&data=event%3Dform_submit&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2e00ace79096d7e7c02507ed146f1ebfae22a6f56db4d69c67c952b0824e623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1029
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 4C50 0
15 B 20ms
10ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 03:27:05 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 70ms
58ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1666150025421&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dform_submit&fmt=3&is_vtc=1&random=3736329469&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 68ms
55ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1666150025421&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dform_submit&fmt=3&is_vtc=1&random=3736329469&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 55ms
48ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1666150025520&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=797106043&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 61ms
51ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1666150025520&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=797106043&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1666150025525&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dform_submit&fmt=3&is_vtc=1&random=1488522550&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1666150025525&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dform_submit&fmt=3&is_vtc=1&random=1488522550&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 67ms
19ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-35949610-14&cid=838636883.1666150025&jid=1352251222&gjid=1870110237&_gid=1117074210.1666150025&_u=4GBACUAABAAAACAAI~&z=2074868104

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 19 Oct 2022 03:27:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 49ms
49ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-35949610-14&cid=838636883.1666150025&jid=1352251222&_u=4GBACUAABAAAACAAI~&z=1406724237

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 65ms
65ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-35949610-14&cid=838636883.1666150025&jid=1352251222&_u=4GBACUAABAAAACAAI~&z=1406724237

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1666150025853&cv=9&fst=1666150025853&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8dc89a8ca0f73b8c5ca251f6a2c9d202f98a52797a21b0016beca515b0ef3484

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1105
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1666150025857&cv=11&fst=1666150025857&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&auid=2099110391.1666150025&data=event%3Dform_submit&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c4f11ddf1ca110b8ba4a2c709148a88a4c2c4505fb40aa357f79a0ab4601241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1032
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame A12E 0
15 B 9ms
7ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 03:27:05 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 141 B
444 B 106ms
106ms XHR
text/plain 54.227.198.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=uSyobPfzhDJe2LRnhI_IVA&is_js=true&landing_url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&t=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&tip=ujyyXToI_HnlDcuN2IT4YvCLJ9atFtqGXSwxL7mL0vg&host=https://www.mcafee.com&sa_conv_data_css_value=%20%220-b354660c-aead-4a1f-6518-723960c1342a%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd94fc8edb22a5d4c1b740cb0ed39d18e56b9d59ba8&sa-user-id-v2=s%253A0-b354660c-aead-4a1f-6518-723960c1342a%2524ip%2524185.213.155.168.op4o5X1g3T1n9iVb8d%252F2KuAO%252Fyrwfri0GfHDEAP9ccs&sa-user-id=s%253A0-b354660c-aead-4a1f-6518-723960c1342a.vK6hU8SQ2nWN1UXTjpXfZ9QAPvsSJ4UanlxHVjmuH%252Fg
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.227.198.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-198-216.compute-1.amazonaws.com
Software: /
Resource Hash: 597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:27:05 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 141

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1666150025853&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=284479510&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 50ms
49ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1666150025853&cv=9&fst=1666148400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaah0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&async=1&fmt=3&is_vtc=1&random=284479510&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 48ms
48ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1666150025857&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dform_submit&fmt=3&is_vtc=1&random=3409891229&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 47ms
46ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1666150025857&cv=11&fst=1666148400000&bg=ffffff&guid=ON&async=1&gtm=2oaah0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fnew-teslacrypt-ransomware-arrives-via-spam%2F&tiba=New%20TeslaCrypt%20Ransomware%20Arrives%20via%20Spam%20%7C%20McAfee%20Blog&data=event%3Dform_submit&fmt=3&is_vtc=1&random=3409891229&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC4fa51485b5894d1cb92974356ae0fc00-source.min.js Show response
assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/ 828 B
708 B 8ms
8ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/RC4fa51485b5894d1cb92974356ae0fc00-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 03:27:05 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 21:15:51 GMT
server: AkamaiNetStorage
etag: "ab1faf76266ac8bdf276f0bda62d7148:1648761351.579427"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 443
expires: Wed, 19 Oct 2022 04:27:05 GMT

GET
H/1.1 200
OK mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 75D4 3 KB
3 KB 32ms
7ms Image
image/png 99.86.1.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.1.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-1-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 01:45:19 GMT
x-amz-version-id: e0DDjde5j886.zf5qCShAnB86PP.hmFt
Via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
Last-Modified: Fri, 08 Oct 2021 16:35:12 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA6-C1
Age: 6108
ETag: "1944989b2cb625c962c6ef510fb08a96"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=315360000, no-transform, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2675
X-Amz-Cf-Id: mugKY0MhGyaaUD_3sI6mtngzev_stpt5Na7f61H_eMA9o4KFd-hl8g==

POST
H2 204 /
173bf104.akstat.io/ 0
201 B 146ms
137ms Ping
image/gif 2a02:26f0:1700:391::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://173bf104.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 03:27:06 GMT
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Wed, 19 Oct 2022 03:27:06 GMT

Verdicts & Comments Add Verdict or Comment

189 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam	1969-12-31 23:59:59	Name: local-user-context Value: null
www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam	1969-12-31 23:59:59	Name: dnbDetails Value: \|\|\|\|\|\|\|\|\|\|403\|
.mcafee.com/	1970-01-20 06:49:13	Name: AKA_A2 Value: A
.demdex.net/	1970-01-20 11:08:22	Name: demdex Value: 76050290962773638584010539314410030831
.mcafee.com/	1969-12-31 23:59:59	Name: AMCVS_A729776A5245B1590A490D44%40AdobeOrg Value: 1
.mcafee.com/	1970-01-20 16:25:10	Name: s_ecid Value: MCMID%7C71133811180220312794365676453993766354
.mcafee.com/	1970-01-20 08:58:46	Name: _fbp Value: fb.1.1666150024818.358181807
.everesttech.net/	1970-01-20 15:34:46	Name: everest_g_v2 Value: g_surferid~Y09uiAAAAFprXAN-
.techtarget.com/	1970-01-20 06:49:11	Name: __cf_bm Value: efSbt4D8Q03FXnzOxcm7.KMcj.AHf8rZSsgw0AQ1mS0-1666150024-0-AQdgO15pMzOKnW1UP5UZkzmYEDFLWHIvtkgOVZ+0F14nvFma9FiiDe7w6vJE5wEWsQJyXpwK8RVoVAPNTjvSvLg=
.dpm.demdex.net/	1970-01-20 11:08:22	Name: dpm Value: 76050290962773638584010539314410030831
.doubleclick.net/	1970-01-20 16:10:46	Name: IDE Value: AHWqTUnnDuv5Pail4BMlz-sOUrIy4jVj-fUJR7VRNZrgzRof8BhjGdR9j5TF80PE
.demdex.net/	1970-01-20 11:08:22	Name: dextp Value: 60-1-1666150024999
.mcafee.com/	1970-01-20 16:25:10	Name: AMCV_A729776A5245B1590A490D44%40AdobeOrg Value: -408604571%7CMCIDTS%7C19285%7CMCMID%7C71133811180220312794365676453993766354%7CMCAAMLH-1666754824%7C6%7CMCAAMB-1666754824%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1666157224s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19292%7CvVersion%7C4.6.0
.mcafee.com/	1970-01-20 08:58:46	Name: _gcl_au Value: 1.1.2099110391.1666150025
.mcafee.com/	1970-01-20 16:25:10	Name: run_fs_for_user Value: false
.mcafee.com/	1970-01-20 15:34:46	Name: utag_main Value: v_id:0183ee47c6e7000196f82abb838b03074006006c00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1666151824935$ses_id:1666150024935%3Bexp-session$vapi_domain:mcafee.com
.mcafee.com/	1970-01-20 06:49:11	Name: s_gpv Value: %5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cnew-teslacrypt-ransomware-arrives-via-spam
.mcafee.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.t.co/	1970-01-20 16:25:10	Name: muc_ads Value: e84ef216-a7df-46b6-8ed6-cfc9e6d6651e
.quantserve.com/	1970-01-20 16:19:24	Name: mc Value: 634f6e89-2811b-714e2-935f6
.mcafee.com/	1970-01-20 16:13:38	Name: __qca Value: P0-1639931028-1666150025115
.twitter.com/	1970-01-20 16:25:10	Name: personalization_id Value: "v1_L3++mExYOafFXop93wmOig=="
.linkedin.com/	1970-01-20 07:32:22	Name: UserMatchHistory Value: AQJUoCctrjSy3AAAAYPuR8e5RTKznZ6gdvSz3Dj_hSLnXTBTJaJOgv2JBlLXSbN_0yMDIO37bJXDlw
.linkedin.com/	1970-01-20 07:32:22	Name: AnalyticsSyncHistory Value: AQKCXdG0jmTDGwAAAYPuR8e5NHwW7Mm4b8LcHLiVL9BSyzAs9VQBoT8Cq5t9ks-6VyPJj9IY_rTrcWor3klERw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 15:34:46	Name: bcookie Value: "v=2&9db27cdd-7630-4a91-83f5-fe5d2e172643"
.linkedin.com/	1970-01-20 06:50:36	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2362:u=1:x=1:i=1666150025:t=1666236425:v=2:sig=AQGoYBd1DTtJFN_bAKprvHAv-VX4JKHl"
.yahoo.com/	1970-01-20 15:35:07	Name: A3 Value: d=AQABBIluT2MCEPG0Rp3uJSWbjOxthb7qBMgFEgEBAQHAUGNZYwAAAAAA_eMAAA&S=AQAAAvoYilFZ4aYW95Lf4S0qTxc
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:34:46	Name: bscookie Value: "v=1&202210190327053532276e-558a-4436-8275-8374b8bb1308AQHlwdxHIZo9wKm7sDaHpDOJUNz_lO7f"
.linkedin.com/	1970-01-20 11:08:22	Name: li_gc Value: MTswOzE2NjYxNTAwMjU7MjswMjFW7HO/sB/+HEdk2gdFawytfmsq/O0L7DZpGfF8Euu3cA==
.mcafee.com/	1970-01-20 15:34:46	Name: s_nr Value: 1666150025445-New
tags.srv.stackadapt.com/	1970-01-20 15:34:46	Name: sa-user-id Value: s%3A0-b354660c-aead-4a1f-6518-723960c1342a.vK6hU8SQ2nWN1UXTjpXfZ9QAPvsSJ4UanlxHVjmuH%2Fg
.srv.stackadapt.com/	1970-01-20 15:34:46	Name: sa-user-id-v2 Value: s%3As1RmDK6tSh9lGHI5YME0KrnVm6g.QFyJm4X5D%2BStQbxPETDy6OhvDlUMRc1ezVE8AEgjdjc
.mcafee.com/	1970-01-20 06:49:11	Name: gpv Value: other-blogs%3Amcafee-labs%3Anew-teslacrypt-ransomware-arrives-via-spam
.mcafee.com/	1969-12-31 23:59:59	Name: tp Value: 13770
.mcafee.com/	1969-12-31 23:59:59	Name: s_ppv Value: other-blogs%253Amcafee-labs%253Anew-teslacrypt-ransomware-arrives-via-spam%2C9%2C9%2C1200
www.mcafee.com/	1970-01-20 15:34:46	Name: sa-user-id Value: s%253A0-b354660c-aead-4a1f-6518-723960c1342a.vK6hU8SQ2nWN1UXTjpXfZ9QAPvsSJ4UanlxHVjmuH%252Fg
www.mcafee.com/	1970-01-20 15:34:46	Name: sa-user-id-v2 Value: s%253A0-b354660c-aead-4a1f-6518-723960c1342a%2524ip%2524185.213.155.168.op4o5X1g3T1n9iVb8d%252F2KuAO%252Fyrwfri0GfHDEAP9ccs
.mcafee.com/	1970-01-20 16:25:10	Name: _ga Value: GA1.2.838636883.1666150025
.mcafee.com/	1970-01-20 06:50:36	Name: _gid Value: GA1.2.1117074210.1666150025
.mcafee.com/	1970-01-20 06:49:10	Name: _gat_gtag_UA_35949610_14 Value: 1
.mcafee.com/	1970-01-20 07:32:22	Name: Target_Test Value: seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040
.mcafee.com/	1970-01-20 09:13:10	Name: aam_uuid Value: 76050290962773638584010539314410030831
www.mcafee.com/	1969-12-31 23:59:59	Name: usbls Value: 1
.mcafee.com/	1970-01-20 06:59:14	Name: RT Value: "z=1&dm=mcafee.com&si=081e2a8e-5457-44de-9284-05145599100b&ss=l9f2pcp2&sl=1&tt=39s&bcn=%2F%2F173bf104.akstat.io%2F&ld=39v"

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/(Line 1765) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/(Line 1765) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=76050290962773638584010539314410030831 Message: Failed to load resource: the server responded with a status of 451 ()
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ Message: The resource https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/fontawesome-webfont.4.4.0.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/ Message: The resource https://www.mcafee.com/etc.clientlibs/mcafee-consumer-wcm-themes/resources/fonts/opensans-regular-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

173bf104.akstat.io
ad.doubleclick.net
adservice.google.com
analytics.twitter.com
api2932.d41.co
apt.techtarget.com
assets.adobedtm.com
c.go-mpulse.net
cdn-0.d41.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
cu1pehnsweb01.servicebus.windows.net
d6tizftlrpuof.cloudfront.net
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
idsync.rlcdn.com
jelly.mdhv.io
mcafeeinc.demdex.net
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
s.go-mpulse.net
s.yimg.com
secure.quantserve.com
securingtomorrow.mcafee.com
smetrics.mcafee.com
snap.licdn.com
sp.analytics.yahoo.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tags.tiqcdn.com
trk.techtarget.com
w.usabilla.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.mcafee.com
104.208.16.0
104.244.42.3
104.244.42.69
104.70.95.190
13.107.42.14
13.36.218.177
142.250.186.98
142.250.74.198
161.69.25.99
199.232.188.157
206.19.49.24
212.82.100.181
216.239.36.21
23.35.236.209
2600:9000:2057:ca00:6:44e3:f8c0:93a1
2606:4700:10::6816:46c5
2606:4700:4400::ac40:91d9
2606:4700::6810:5914
2606:4700::6811:190e
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:21::14
2a00:1288:80:807::1
2a00:1450:4001:803::2003
2a00:1450:4001:803::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9c
2a02:26f0:1700:391::11a6
2a02:26f0:3500:16::215:149b
2a02:26f0:3500:587::1e80
2a02:26f0:6c00:287::11a6
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.248.32.199
34.255.95.163
35.153.151.203
35.244.174.68
52.212.92.153
52.215.83.17
54.227.198.216
65.9.95.70
99.86.1.36
003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361
03cb83fe07a916614f3ce8b33a1727c9b0ae141e1fefbcdc33cd322703e21c84
044d576aa9a4a37cce540cbcac562b8e27cff561d4e72e333d1a2ee3cb48b451
05f3a8114c258832588d613f1c27294994ab595d6fd7c3c66a3f3e4b5c08b347
0c5d12f7f623ddaea002928a5e8aa1126cccf4cb80b58a4ed180d675a339efcc
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0d66fa6c68f151d974336b6ba4fbc234568f3c3fd9e17f23310f78ff9d983bd7
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd
113380529a42db1c7ffcaa2bdb89cd13b93449a3092cabd13f87b4c06cef0330
15ffa205cf50b0af4c4d1fe323dc7d894a564de999366e1dbdc80c6043525606
178fc67d6359b2194335ab06ed01a8fc7b8c9474d538e9cf9ce4a7b34fd0feb4
18a0ca8e6cf3c31eb83227d48f89f8165141be974f61a06b5856ef999ff2eb58
198df55e0af22cc49d7b2a5efcdae25b8325ba9a6bd33816786c5dc3f5dccb11
2081f2547859809e552bfee4e0d58c38a82cde9ba35679af7f2de9752e035656
2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591
218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a
2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f
2458c6e69ec960015408bcff5b6e3c679da9a9e7cb3149cc810ef75158c0acf1
24937d7140dbec8f50327bcb6e1cd2c815ddb0b4831ab59b8253ea6838aa8a5e
249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f
24d0f07cd53b7aa874aa0b15b32dac373b5ad237c477d9787dd8c784e2e6c6e8
27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32
2c89216f71c61ef90798e0ca2055716b1ca1b22cbb30b2e8984050ae06acc778
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8af6374a001a941e7eea578da32e139e8c9a659ffab78acd97fa160876efee
2ff46d3a83b26ebcd4426e6ef1bc2045fdfc5b9da72e61f7c3f9332256eca0ae
3384758485dbe9ada2cf47807be1f0513945d9d4bacd7f9406ac79abfc49dee1
36925e7859abeeb8681d694d702e00b1fbba6f37ac49b11e8f863ed24507ca6a
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
3c4f11ddf1ca110b8ba4a2c709148a88a4c2c4505fb40aa357f79a0ab4601241
3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2
40d078a3bd4049362979948fe0a6302a38612e720b30c41e871bbf0aa7f4144c
414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44a6addb012e85ee247ae07452582489aaa2a0054e45b0810a95108c68f744a5
44f327eeeb995eabd2810452b355ca82979280a4d7def1bd980d3897e6999af6
457f5c0fdf15b82708a47c22c4928cd465012450d2c262297ab8fec142c34e79
4605acd00c25cb5627e418ac37d50a42daf2806d6a8758fa81e12361e5e9da63
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
510d71bfae8484c59b9b3bd6064b3edd0348bb79b3b448bc1093bc7a73265b6a
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183
53d356b45cf6078203c81769bfc737d350208d58b10ce17ea8e3c55f6b68fad8
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
569c26cc949ef91113628499320d3094b117bf29e3ce614fc3cf6d7d84fe4194
597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2
5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29
656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1
678e4443e87259063b8fd75aadfe00332e64993b3829693fd69f6b190321042f
692cdc9be3762655ec80e29c7eadd14f2202e2cc3b63771943eab95e2e98aad6
69cfbc38bb7a30b5973188b36de5afac71d747d10d3a4556a1b32d810027b3f6
6b730b9d1d62602579fb03b423a2c9efecbadb91d60775f4af128292a7a41cbf
6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e
6d82164a8b75a7961fd54f46b2b985fd3bf0f16994631f025ef704eaef35f509
71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f
74cad4303232e97ca561d020bf3491ab6777c683b259f50f99b64cd62f1e3271
75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97
76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b3d86ed0495648c392611dec4d4faf28409991c308d4a5e135b621d05126540
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
7e601e5cd42b0c811b65bf97b2a9fecc45bd90886ce4aa1fb15f0cf4de2c9fcf
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
7f6c4fe4a3fb3ddefe3a6a5c2db84b6de768d575b112f66954fed62bf8e4057a
7f889b82f5b2e7af8fca5e0566f40f1d739ce5800ddf76b5a8e6bd57b32ff683
82c52b937868d2d0afb2abccadf9b697f20c73c3c30ad9204dad4884878a7f0c
8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85f9a306434e8ed7d91e8ee0ee03ca08c58d61b4d41511b51d6e8ee243a3f2ba
874167e9a8246e870b7c7bbc08c771595959ba9e721240c33d19bb383d4e29a5
8c3d63f35dbb7c91072f5db40e6941fbc3873eec0b2423f1f6a3d34700fdde83
8dc89a8ca0f73b8c5ca251f6a2c9d202f98a52797a21b0016beca515b0ef3484
906929fcaca893402966281fdfa7dc7c5260487f461689ce3f07e1da9a7821ed
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
937256285819dbf55cb907b317a3fc5e21c3a5033b723b4a670bc437c1da7de0
9a22232280af7265cb2aee7e85c435aa32d2138aa617bcfb06a6d40e91721a2f
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9
9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a62c9c49e1cdd2d4cd67021c291b34b1df60b2a5e4f339fb96280b4f450054e9
a88d86b1ebd759dc2c34264420b348dc6cff3473b02a2040b38284618b4d262a
a982c540f8f384f11cce36732cc23b9f3e9bf9dbee0c854c663f99b27f035969
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b
aff7c51e4aa5b650f0c761dfe726fef1172196873f21e80a7d19c8844296ee6a
b08faf373c3f1c8247d01a6ac23353ae7a36a7bbf40d7591814920c11196bedf
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475
b63f011bf81f6548e73fe3c4f2edf35d97ca29054a35969373953a4ba382d782
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
b69751883be604d7108841f66360e02134764e137438b491d830d2345149219f
b798b54d656030b62b8458c55a03b732bbb998f302e9a22765da4490e77f5c49
b8171233aa4322a6ab896d8e461d044bf3cb58e2912af103b3d83fc5446ec53f
bbbc873bceaef4571c9485cd6e40fcdf66104bbfce1684f325c37df8d7d37818
bbc8f5b6465f291e62990af3187eb69b20b9924a0d5a078a4d5b01201c343702
c47380f71c3bdb3ebf92f494d7a6b8c1525f1ce8331fdb50398c22f59eea3936
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c5ff486b59e0f29b1e547e9534deb1673f2218feb9e925d4f35371a5a23f1cd0
c64a0dd00d685de6eb7d2053110e20e2515ec436f262e5d36896a03b390f917a
c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
c96632da476f22484073c005267b1e34c7340c60624a408d77c2f4014df9ed57
ca1c00cd45f96f4d0d08b8a4446e533ba2e2679a7c02bcd236dbd574a6993f21
cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f
cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d016d4afbe8f4e956b6c7f1e8efcb43a914885176cad4875c4f3857e137f7bcd
d051f3c16ae61275a06cdf30938b3492e1bc6d89b9e7d67e2d175cec4e44df8a
d2e00ace79096d7e7c02507ed146f1ebfae22a6f56db4d69c67c952b0824e623
d35375ddafcfcbfd86e19aa65db30cc03f22e71d165953096bf365ffaf53838a
d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e
d75e3f73d3f407ab5d0233a628d54cb82abde1dd8fea82428258c8ad6419e5a5
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
dcc0d9a4a6a778a99a4ed393dd5276635f9055e788993b04ab4c51a7d981f728
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfc26a106ce03cbb576da11779f33961b936fe586f2954b7f1b5b9240d2f3789
e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40d530457890331f6f1e49d3f4df07aa958f808c665295355d359bb80a80bb4
e706b2c1b4029a10d2d0d4f12004e47595ce518b865979a9998b900ebc9ea7e2
e7aaa31aec9d6a9f88c0af5d361aff3e7828ace0fb0c55ab35922025e12700b1
ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407
ed159ef40aa4d0deb0b7dda38006a88e4982f8064d2dc9ee9d80696bab91d342
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c34ff128a37e06d27e1e9ba1545a526de7d5f1501d338455ef67a98fb2674e
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
f4962081bda13b0e132399dd4a72278da7c075e582a95c0bf7ff40aea0286aee
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f5f77830582c3d8363ad6baad3151c9b14e33bd94602542c31123d38d0dd16e7
f6df752d4ddfe7e050e9f2c74e57948fad8b1eb4bbb3e746ff03f3147540181c
f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
fa251403ac153674157ed78351b757b362f9e0be8f6c5d595962b9033e488d48
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0
ff6c3f19010b840707e337b100fda4d354564596a26dc4f132c3d3e5da33b726

www.mcafee.com Open in urlscan Pro 104.70.95.190 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

218 Requests

99 %HTTPS

50 %IPv6

37 Domains

49 Subdomains

42 IPs

6 Countries

4310 kBTransfer

7784 kBSize

46 Cookies

22 Outgoing links

Page URL History

Redirected requests

218 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mcafee.com Open in urlscan Pro
104.70.95.190 Public Scan

Screenshot
Live screenshot

Full Image

218
Requests

99 %
HTTPS

50 %
IPv6

37
Domains

49
Subdomains

42
IPs

6
Countries

4310 kB
Transfer

7784 kB
Size

46
Cookies

218 HTTP transactions
0 data transactions