www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/J3NaA4LXsi
Effective URL:
https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Submission: On March 28 via api (March 28th 2022, 3:25:00 pm UTC) from GB — Scanned from GB

Summary HTTP 192 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 38 IPs in 3 countries across 28 domains to perform 192 HTTP transactions. The main IP is 2a04:4e42:4c::666, located in United States and belongs to FASTLY, US. The main domain is www.zdnet.com. The Cisco Umbrella rank of the primary domain is 54420.
TLS certificate: Issued by R3 on February 23rd 2022. Valid for: 3 months.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1 1	67.199.248.12 67.199.248.12	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
37	2a04:4e42:4c:... 2a04:4e42:4c::666	54113 (FASTLY) (FASTLY)
5	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:6c0... 2a02:26f0:6c00:1b8::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.66.154 151.101.66.154	54113 (FASTLY) (FASTLY)
2	52.5.114.199 52.5.114.199	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.203.121 34.120.203.121	15169 (GOOGLE) (GOOGLE)
2	151.101.129.194 151.101.129.194	54113 (FASTLY) (FASTLY)
18	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	108.157.4.76 108.157.4.76	16509 (AMAZON-02) (AMAZON-02)
22	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:6c0... 2a02:26f0:6c00:2b9::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	3.11.184.36 3.11.184.36	16509 (AMAZON-02) (AMAZON-02)
2	18.170.11.184 18.170.11.184	16509 (AMAZON-02) (AMAZON-02)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
11	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
4	2.16.107.105 2.16.107.105	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:710... 2a02:26f0:7100:29b::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1 2	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	18.196.6.202 18.196.6.202	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
13	184.30.25.161 184.30.25.161	16625 (AKAMAI-AS) (AKAMAI-AS)
3	213.254.244.25 213.254.244.25	36062 (DOUBLE-VE...) (DOUBLE-VERIFY)
1	143.204.98.110 143.204.98.110	16509 (AMAZON-02) (AMAZON-02)
9	18.196.229.80 18.196.229.80	16509 (AMAZON-02) (AMAZON-02)
192	38

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.12 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: cname.bitly.com

zd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a04:4e42:4c::666 (United States)

ASN54113 (FASTLY, US)

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

static.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:1b8::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.66.154 (United States)

ASN54113 (FASTLY, US)

at.adtech.redventures.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.5.114.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-114-199.compute-1.amazonaws.com

a.myfidevs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.203.121 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 121.203.120.34.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-76.dus51.r.cloudfront.net

cdn.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:2b9::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

02179912.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.11.184.36 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-11-184-36.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.170.11.184 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-170-11-184.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.16.107.105 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-107-105.deploy.static.akamaitechnologies.com

clipcentric-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100:29b::4469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.6.202 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-6-202.eu-central-1.compute.amazonaws.com

protected-by.clarium.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 184.30.25.161 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-161.deploy.static.akamaitechnologies.com

redventuresgamdisplay60805146916.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.254.244.25 (United States)

ASN36062 (DOUBLE-VERIFY, US)

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpsc-frc.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-110.fra50.r.cloudfront.net

ad.clipcentric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.196.229.80 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

tr.clipcentric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	zdnet.com www.zdnet.com — Cisco Umbrella Rank: 54420 urs.zdnet.com — Cisco Umbrella Rank: 355833	700 KB
26	googlesyndication.com 12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 118 tpc.googlesyndication.com — Cisco Umbrella Rank: 160 8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com	177 KB
25	moatads.com z.moatads.com — Cisco Umbrella Rank: 477 mb.moatads.com — Cisco Umbrella Rank: 810 geo.moatads.com — Cisco Umbrella Rank: 761 px.moatads.com — Cisco Umbrella Rank: 495	538 KB
20	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 246 ad.doubleclick.net — Cisco Umbrella Rank: 223	354 KB
13	moatpixel.com redventuresgamdisplay60805146916.s.moatpixel.com — Cisco Umbrella Rank: 42317	3 KB
10	clipcentric.com ad.clipcentric.com — Cisco Umbrella Rank: 34931 tr.clipcentric.com — Cisco Umbrella Rank: 13339	5 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 124 www.google.com — Cisco Umbrella Rank: 20	2 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 306	112 KB
5	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 612 tps.doubleverify.com — Cisco Umbrella Rank: 555 tpsc-frc.doubleverify.com — Cisco Umbrella Rank: 8964	100 KB
5	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 701	116 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 211	145 KB
4	akamaihd.net clipcentric-a.akamaihd.net — Cisco Umbrella Rank: 14128	68 KB
4	myfinance.com static.myfinance.com — Cisco Umbrella Rank: 20907 www.myfinance.com — Cisco Umbrella Rank: 20774	54 KB
3	google.co.uk adservice.google.co.uk — Cisco Umbrella Rank: 4057	1 KB
3	redventures.io at.adtech.redventures.io — Cisco Umbrella Rank: 33686	149 KB
3	go-mpulse.net c.go-mpulse.net — Cisco Umbrella Rank: 617	52 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 600	1 KB
2	akstat.io 02179912.akstat.io — Cisco Umbrella Rank: 52019	708 B
2	fastly.net confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 2061	98 KB
2	myfidevs.io a.myfidevs.io — Cisco Umbrella Rank: 21993	166 B
1	clarium.io protected-by.clarium.io — Cisco Umbrella Rank: 2602	345 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	1 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 694	18 KB
1	cohesionapps.com cdn.cohesionapps.com — Cisco Umbrella Rank: 13924	22 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1045	452 B
1	zd.net 1 redirects zd.net	300 B
1	t.co t.co — Cisco Umbrella Rank: 530	506 B
192	28

	Domain	Requested by
37	www.zdnet.com	t.co www.zdnet.com
18	securepubads.g.doubleclick.net	www.zdnet.com t.co securepubads.g.doubleclick.net www.googletagservices.com
17	px.moatads.com
13	redventuresgamdisplay60805146916.s.moatpixel.com
13	tpc.googlesyndication.com	www.zdnet.com t.co securepubads.g.doubleclick.net tpc.googlesyndication.com
11	pagead2.googlesyndication.com	www.zdnet.com tpc.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
9	tr.clipcentric.com	www.zdnet.com ad.clipcentric.com
5	cdn.ampproject.org	confiant-integrations.global.ssl.fastly.net
5	z.moatads.com	www.zdnet.com t.co securepubads.g.doubleclick.net
5	cdn.cookielaw.org	www.zdnet.com
4	www.google.com	www.zdnet.com securepubads.g.doubleclick.net tpc.googlesyndication.com
4	www.googletagservices.com	t.co securepubads.g.doubleclick.net
4	clipcentric-a.akamaihd.net	t.co clipcentric-a.akamaihd.net www.zdnet.com
3	adservice.google.com	www.zdnet.com securepubads.g.doubleclick.net
3	adservice.google.co.uk	www.zdnet.com securepubads.g.doubleclick.net
3	at.adtech.redventures.io	www.zdnet.com
3	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net
2	tpsc-frc.doubleverify.com	cdn.doubleverify.com
2	fonts.gstatic.com	fonts.googleapis.com
2	ad.doubleclick.net	1 redirects www.zdnet.com
2	cdn.doubleverify.com	t.co
2	bam-cell.nr-data.net	www.zdnet.com
2	geo.moatads.com	z.moatads.com
2	02179912.akstat.io	www.zdnet.com c.go-mpulse.net
2	confiant-integrations.global.ssl.fastly.net	www.zdnet.com
2	www.myfinance.com	www.zdnet.com
2	a.myfidevs.io	www.zdnet.com
2	static.myfinance.com	www.zdnet.com
1	ad.clipcentric.com	clipcentric-a.akamaihd.net
1	8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	tps.doubleverify.com	cdn.doubleverify.com
1	protected-by.clarium.io
1	fonts.googleapis.com	confiant-integrations.global.ssl.fastly.net
1	js-agent.newrelic.com	www.zdnet.com
1	mb.moatads.com	z.moatads.com
1	12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com	www.zdnet.com
1	cdn.cohesionapps.com	www.zdnet.com
1	urs.zdnet.com	www.zdnet.com
1	geolocation.onetrust.com	www.zdnet.com
1	zd.net	1 redirects
1	t.co
192	41

This site contains links to these domains. Also see Links.

Domain
academy.zdnet.com
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
news.sophos.com
redventures.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
narratives.zdnet.com
privacyportal.onetrust.com
support.zdnet.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-12-13` - `2022-12-12`	a year	crt.sh
*.zdnet.com R3	`2022-02-23` - `2022-05-24`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
at.adtech.redventures.io R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.myfidevs.io Amazon	`2021-12-07` - `2023-01-04`	a year	crt.sh
rv-urs.zdnet.com GTS CA 1D4	`2022-03-11` - `2022-06-09`	3 months	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
cdn.cohesionapps.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.google.co.uk GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
aka.clipcentric.com R3	`2022-01-29` - `2022-04-29`	3 months	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-12-23` - `2022-12-23`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
protected-by.clarium.io Gandi Standard SSL CA 2	`2020-04-03` - `2022-04-26`	2 years	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
clipcentric.com Amazon	`2022-01-06` - `2023-02-04`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Frame ID: 7C556C348901F5FF5C564D49ABAF4F39
Requests: 111 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: 6341C2CDA2549AC638C347F876C4D064
Requests: 2 HTTP requests in this frame

Frame: https://12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 00F0026DEFC9850EC044B65DCF8C6D4D
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu2UiaTZji7WSB3igr4TXccTB5W1NfyTJ8mzssCKHThG-rK4EKVlpzTuHW1Bf7UrBrr9ziiiTzsYASh4L2HpC7pGz135IRDyTwp6njGnb7Uwl7z8fWFkORzf7MdJxC6YPB4z2Thtptaf5JtXJmQoRqKn63T7h2xggq6RsXSQUduEZOIfAPdXumHS-3b0xqrpSpUtkpdYufMkcFIz1nN14-tfRqv3iPpEy1EPn79cuA_qVjAyrOzYKxHe1TMSUOoA-YCHb6VGbM_iXqysCtF_casENTlpeqTSCo18dUyDfp9n2VFIXOblGJAZCzC9jEuIfFtWD7GxLAiCEVbioSctq-t&sai=AMfl-YR6MHX4mh8abbbrtg1BxKmCA0TBSibK8L66J7yoaPfU135hNu36u5PrCSCghpo0mC_tkK1D3nPLZmNSIIiT1JmVpO_lQsbfCT8QJPdXOszSV1UubvXTPUFHZoTkXHc&sig=Cg0ArKJSzCaSmAugzd0PEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 76187CBCED7EFFCB454F9DDE6FCF542A
Requests: 19 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsse5WBWJtWP7sT2PuReMQQ80LAasiU1TlG6UYTX2qbFJgKp71uF_N81ufe91KoEIbPZSLN6viWJ9_DOS15CR0gbRsePbee1dIL0LO4BlMt3BTdtA4E-SzplMwP76LpZW1K8IjmNkUgyu_wVYh7zn-czbS_R-RAc5T7_DvoVOGL5pp7rPyMmfFGe3AOlOJnNuZJ8yLJQvhA-VVJJhoEUh8D1x6xqx09MJcvLzQFewMHmjYudxKLykEcJRQRSGQnVlzOp3l_5pv1YYu7uKvuCVfEQmZIXd5OKPnx6xxzr5Ytt3mliUxL8StK-jaEHUWZr9POMVix_oHhiw47mqCXf&sai=AMfl-YR7FynwhcI-turH323g6nBIS9lfUn0akWIZiQqhktRmbgcWKeLnQVeJP-6kv_3EfUOWy06VDUAeA3jpwYbUqYe0s0-QbVxsOHL-lg6uS7kzkIjP6KCmDWtqY-cLglU&sig=Cg0ArKJSzLrCnkZaiaJnEAE&uach_m=[UACH]&adurl=
Frame ID: 56E024CF1948DAEDBC878B43E01DEFB0
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Frame ID: 59F97AFEF78BC89D365928864EDE5AA6
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstir2j05MmTHAuvf4CCcS2dfISMZeNbMqk7sjxDh68Yz2QuTMhj9EFQOceEEA8c_qc2PcW9viVqd--B8s_TBFw62uycjlkbM9NKZdgEBluqfo536JtI8vdH2YV_fkaycmyOd57WSsaBvUqi9vk0Eg85fKur-VpHlJ7J5e4q1wND8TPH_-jBJFyrzY5Gh-z6vqqvhqrh1hkiqnxbgJmwWfM2EsZsBpScw9jHtZw_LsPmOrRwMeGgU-oWLmrmgoKHYrZxbD2rcOdZFUjXY6V-bXOqDY3OhEypuwUreeo6pZzh4qf0G-Ns7_CkFsZ_hsnkxkGq0nkWmp9YOEg&sai=AMfl-YTbVEKNTOJDi7YoCvPRTIOkfgUTn603KeolKW3GTPuePLj5IsfRt4HvY2HLXStpahH4lrlbe_GNq3omeWTXKsitWpgNd7JobH9atWDXEU0p3wsbXiBNsME6Z0bL9Atm&sig=Cg0ArKJSzL-ZzVcNXSBIEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 91412A487F2AA2EB4B2E0A5828816199
Requests: 14 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements2439.js
Frame ID: 5B98D53EBDD16B4F5AD19A5FBE139EE5
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 713C4161E00623032A960B8D9FD442F8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 60406E849BEC096F390B7D41F7118ADA
Requests: 2 HTTP requests in this frame

Frame: https://8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 32CAF128B95B041AF704894B8E8239D0
Requests: 1 HTTP requests in this frame

Frame: https://clipcentric-a.akamaihd.net/user-9/resources/ad.html
Frame ID: 0059C811CA020705C16F6870962A8B80
Requests: 1 HTTP requests in this frame

Frame: https://ad.clipcentric.com/user-9/resources/store.phtml?v200530
Frame ID: 882DC8755E8DDD88611143D57B4ABD6E
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 09E281E09D44AEA961EE5818A85D9D55
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv66bV_nCIA_0YuhFYsR3czkC5qPieQQeWUFJhiO8rmSrB0J9GCT0w8nDDY8A06EdZqfWan6gKignqCba-28Dg0dDIYqGAOloXfMiZBlcf33VY5eaAoEnnLardxq_5-bOKiQyHjXnNAQ8bI5YiePzH9B1RaiiJnNo6vXu0NsNnQaFoBGYHDCTA6FEHRO7PeBXpTsYdAgUB1C1J8AWokvzCtz-8EtVY72vFCAYmAimttQbX6tBl4By5c_NWzWOhSN_iaEkXYx8zybu9x2ZComAMGyUwbHOx740dS253skbCK675jc4Qb5g&sig=Cg0ArKJSzGEtiisKDP3VEAE&uach_m=[UACH]&adurl=
Frame ID: FBCAD1394BE0C4D5D65393EF57EFC400
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D61C1C25E4DBE3AFC7810D648907FD32
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BB9692DE19D3755F3A55AD9D8BEA9CD5
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

This new ransomware has been spotted in two very different attacks, say researchers | ZDNet

Page URL History Show full URLs

https://t.co/J3NaA4LXsi Page URL
https://zd.net/3CiEw9h HTTP 301
https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-s... Page URL

Detected technologies

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

192
Requests

98 %
HTTPS

47 %
IPv6

28
Domains

41
Subdomains

38
IPs

3
Countries

2750 kB
Transfer

8638 kB
Size

20
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

URL: https://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: https://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: https://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: https://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/
Title: detailed by cybersecurity researchers at Sophos

Search URL Search Domain Scan URL

URL: https://redventures.com/CMG-terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://redventures.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ZDNet/

Search URL Search Domain Scan URL

URL: https://twitter.com/zdnet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/79ba7c84-ebc2-4740-8d11-bf1cc4501e59/ae88e03f-2b16-4276-9980-27124ba4b2c1
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://support.zdnet.com/
Title: Site Assistance

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/J3NaA4LXsi Page URL
https://zd.net/3CiEw9h HTTP 301
https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/B27248518.330464835;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/B27248518.330464835;dc_pre=CMyjuNCO6fYCFZ68dwodQ34DuA;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

192 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 J3NaA4LXsi
t.co/ 221 B
506 B 240ms
153ms Document
text/html 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

date: Mon, 28 Mar 2022 15:24:51 GMT
vary: Origin
server: tsa_f
expires: Mon, 28 Mar 2022 15:29:51 GMT
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 173
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-response-time: 110
x-connection-hash: f47544d652bc6bce913107c33bedd5319242563842e222ef79f1bdf3a80a733d

GET
H2

200

Primary Request / Show response
www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Redirect Chain

https://zd.net/3CiEw9h
https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

324 KB
106 KB

500ms
317ms

Document
text/html

2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b62555c40c12680c45be7727080b96c293ec2aa3f4e74bad1b3b3c19571d5d54

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://t.co/J3NaA4LXsi

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
last-modified: Mon, 28 Mar 2022 15:22:44 GMT
link: <https://www.zdnet.com/a/fly/css/core/main-c2c412b9d6-rev.css>; rel="preload"; as="style"; nopush
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: c120805e-f40c-48d7-9ab4-ee34def40ab5
x-xss-protection: 1; mode=block
date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
cache-control: max-age=5400, private
expires: Mon, 28 Mar 2022 16:52:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
content-length: 107124

Redirect headers

cache-control: private, max-age=90
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Mon, 28 Mar 2022 15:24:52 GMT
location: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
referrer-policy: unsafe-url
server: nginx
strict-transport-security: max-age=1209600
content-length: 200

GET
H2 200 main-c2c412b9d6-rev.css
www.zdnet.com/a/fly/css/core/ 309 KB
53 KB 86ms
86ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/core/main-c2c412b9d6-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

c9312b952c8d65184399d18bc89a6f451948c7f7f91a0eadb6cde2f412c682f6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
content-encoding: gzip
fastly-original-body-size: 54215
strict-transport-security: max-age=31536000
content-length: 54215
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:30 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "97bb1cde4f409684b9ed0fb173f5afe7"
vary: Accept-Encoding, Accept
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Apr 2022 14:31:40 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 20 KB
7 KB 155ms
56ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8305d86074fdee76ef38a7e264f3ac0bfab4051d8f13625b4bbd5396120b1fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Mar 2022 15:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: dVKVlVU+J+RB4CMcqf9NTw==
age: 13910
vary: Accept-Encoding
content-length: 6678
x-ms-lease-status: unlocked
last-modified: Mon, 28 Mar 2022 02:28:11 GMT
server: cloudflare
etag: 0x8DA10629A8CCDCC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e6fb31ad-101e-00e3-3054-423d69000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f31600e592f23f7-ZRH

GET
H2 200 optanon-v1.1.0.js Show response
www.zdnet.com/a/privacy/optanon/ 36 KB
10 KB 80ms
80ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/privacy/optanon/optanon-v1.1.0.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 10444
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Mar 2021 19:22:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
strict-transport-security: max-age=31536000
content-language: en
via: 1.1 varnish
cache-control: public, max-age=86400
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 17 Mar 2022 08:35:39 GMT

GET
H2 200 controls-c5a43d6b48-rev.css
www.zdnet.com/a/fly/css/video/htmlPlayerControls/ 25 KB
4 KB 131ms
130ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-c5a43d6b48-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

5e6d2c7d03eb2bd52ab14195a6c9c4286ee3ce57f1c0ab8522918ff7e2c344a1

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
content-encoding: gzip
fastly-original-body-size: 4314
strict-transport-security: max-age=31536000
content-length: 4314
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:32 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "6c9a5050979172b425387320092c485f"
vary: Accept-Encoding, Accept
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Apr 2022 14:31:44 GMT

GET
H2 200 dp-zdnet-headshot-feb-20201.jpg
www.zdnet.com/a/img/resize/d31db2eb85c51031247ce810263a83caae1ca2c5/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/ 832 B
1 KB 82ms
82ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/d31db2eb85c51031247ce810263a83caae1ca2c5/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/dp-zdnet-headshot-feb-20201.jpg?width=50&height=50&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3f6a19367e4fd8c09d3522f012f582ae8033ed9ae08eb6c85aac164b61bb5acb

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=32909 idim=685x644 ifmt=jpeg ofsz=832 odim=50x50 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085488055452
fastly-stats: io=1
content-length: 832
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "JZ9Gzv658CstcBestNDPD6t4Ed2NSOi1su1KyKlaw38"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 03 Mar 2022 16:12:12 GMT

GET
H2 200 dp-zdnet-headshot-feb-20201.jpg
www.zdnet.com/a/img/resize/f44bebe75cde36d255ae30d0f8fcf81099ca22c7/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/ 1 KB
2 KB 90ms
88ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/f44bebe75cde36d255ae30d0f8fcf81099ca22c7/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/dp-zdnet-headshot-feb-20201.jpg?width=70&height=70&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6b946915daeb986a43552cca1d2bfa4ce799e22dacfc44b2253e37ab82303ece

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
fastly-original-body-size: 1272
fastly-io-info: ifsz=32909 idim=685x644 ifmt=jpeg ofsz=1272 odim=70x70 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085488055452
strict-transport-security: max-age=31536000
content-length: 1272
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "IsxiqfYNN4S9UMTrigwP5gOsnqGPpnMIf355Bq89Pek"
vary: Accept-Encoding, Accept
content-type: image/webp
fastly-stats: io=1
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sat, 12 Mar 2022 08:26:08 GMT

GET
H2 200 20211029-goody-danny.jpg
www.zdnet.com/a/img/resize/6cf4d777fdce5cdadf599080838b80c6841557a5/2021/11/08/abb18ab5-ac64-41e1-a361-dbabe469a6db/ 14 KB
14 KB 89ms
86ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/6cf4d777fdce5cdadf599080838b80c6841557a5/2021/11/08/abb18ab5-ac64-41e1-a361-dbabe469a6db/20211029-goody-danny.jpg?width=570&height=322&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

aa70edeae6db2c44448cfc73bc7302e0fbdacc370de3d8f566ca526beaad8a43

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-original-body-size: 14524
fastly-io-info: ifsz=161179 idim=1920x1080 ifmt=jpeg ofsz=14524 odim=570x322 ofmt=webp
fastly-stats: io=1
content-length: 14524
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "SDFdsPoTOPGb2238nkzJ65ruHCTTRwOEP/uiqgMIGV4"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 20 Mar 2022 12:23:58 GMT

GET
H2 200 confused-woman-looking-at-a-laptop-cyber-attack.jpg
www.zdnet.com/a/img/resize/5dc2da4cb7f29ad79c9211ad5566317c377a5996/2020/07/13/10c8a20b-a4d8-4c7e-b2b2-270e7ff1b6d5/ 3 KB
3 KB 89ms
87ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/5dc2da4cb7f29ad79c9211ad5566317c377a5996/2020/07/13/10c8a20b-a4d8-4c7e-b2b2-270e7ff1b6d5/confused-woman-looking-at-a-laptop-cyber-attack.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

2d32c068ed379f96e7046e15397311213fea28896a5a8bc47bd2bd7799b762bc

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=191375 idim=2121x1414 ifmt=jpeg ofsz=2934 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085394700469
fastly-stats: io=1
content-length: 2934
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ydNgaA4GlPozdIkOt1vP4z02pcxvAexlIIWn8zPhQMA"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 17 Mar 2022 11:45:22 GMT

GET
H2 200 best-visa-card.jpg
www.zdnet.com/a/img/resize/35d78a3fa0f8c7689565623c87f31045cf91dc5e/2022/03/17/63584546-d247-4027-9d6e-2438bbc763bf/ 2 KB
2 KB 90ms
88ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/35d78a3fa0f8c7689565623c87f31045cf91dc5e/2022/03/17/63584546-d247-4027-9d6e-2438bbc763bf/best-visa-card.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

26bda963c698a5d5245af86ff50682a1f18c41966ad5d7a6e89910672798595b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-original-body-size: 1710
fastly-io-info: ifsz=190172 idim=2100x1400 ifmt=jpeg ofsz=1710 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 1710
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "XW1/UuHSD0Q1kSOvUR3ZCHJt34iCGhQadZxfqAgVMXM"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 17 Mar 2022 17:21:53 GMT

GET
H2 200 screenshot-2022-01-25-at-12-01-53-amazon-com-chipolo-bundle-2020-combo-pack-key-and-wallet-finder-bluetooth-tracker-fo.png
www.zdnet.com/a/img/resize/b86c6901a11030ce09779dea837878193f1577d8/2022/01/25/82014578-5513-4792-80f4-c182a5d550ea/ 3 KB
3 KB 90ms
88ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/b86c6901a11030ce09779dea837878193f1577d8/2022/01/25/82014578-5513-4792-80f4-c182a5d550ea/screenshot-2022-01-25-at-12-01-53-amazon-com-chipolo-bundle-2020-combo-pack-key-and-wallet-finder-bluetooth-tracker-fo.png?width=170&height=128&fit=crop&format=pjpg&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b56fe77fe3493ccfdbb90bfd4299c4d461eb2c337652648582dd52b80082369b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=590306 idim=1015x628 ifmt=png ofsz=2818 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2818
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "Q9sUQSoGnnWod3l48T82+JsT38u0SrI/eJzgnzYB0so"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 16 Mar 2022 16:05:32 GMT

GET
H2 200 image-4.jpg
www.zdnet.com/a/img/resize/5594988fc3a764f2d81c2ba10a25baa77f231445/2022/03/18/512fddfa-483d-45d1-89f4-58b34f5d6653/ 4 KB
4 KB 89ms
87ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/5594988fc3a764f2d81c2ba10a25baa77f231445/2022/03/18/512fddfa-483d-45d1-89f4-58b34f5d6653/image-4.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6d9e7c00f40966f016ea55910bab9271e656e4f79a98b22f5e475159bdd882a2

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=578086 idim=1600x1069 ifmt=jpeg ofsz=3740 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 3740
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "lDm4Ell1H527AajmQeDfn+C7OWXJhgXc7rYKA9KDCHA"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Fri, 18 Mar 2022 14:37:28 GMT

GET
H2 200 istock-1156386758.jpg
www.zdnet.com/a/img/resize/88dc96deb16fc3d66fba38f49fb4f52d3ae79942/2020/05/08/caa1687e-f4c5-463f-b479-789ccf6d5245/ 7 KB
7 KB 89ms
87ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/88dc96deb16fc3d66fba38f49fb4f52d3ae79942/2020/05/08/caa1687e-f4c5-463f-b479-789ccf6d5245/istock-1156386758.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6314af3967adcf3af142ad7958d131fbaaa39c6cee3e3466898be062ce8cb11b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=222757 idim=1253x836 ifmt=jpeg ofsz=6980 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085518546375
fastly-stats: io=1
content-length: 6980
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "TQGnY0Aq0Oslx52NvkGISx56l449JOObUsPaQX25HtQ"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 10 Mar 2022 17:19:04 GMT

GET
H2 200 istock-1278957793.jpg
www.zdnet.com/a/img/resize/b1d7ecd68b3a064e2e0f80c42747b8acd5e7dfd4/2020/10/26/01e1c529-2279-43a5-bff9-84ce72ded6a4/ 4 KB
4 KB 89ms
87ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/b1d7ecd68b3a064e2e0f80c42747b8acd5e7dfd4/2020/10/26/01e1c529-2279-43a5-bff9-84ce72ded6a4/istock-1278957793.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

494ab9a85a1d57b47e5cb9cf12b3e44e10dadc56d16e3a9d9218b24f8886b475

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
fastly-original-body-size: 3770
fastly-io-info: ifsz=96609 idim=1254x836 ifmt=jpeg ofsz=3770 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1603709557447632
strict-transport-security: max-age=31536000
content-length: 3770
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "V4N7OEjXr8yRvm8CjZ45LPcH/mIHOlbOf2tH5RGWVRU"
vary: Accept-Encoding, Accept
content-type: image/webp
fastly-stats: io=1
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 13 Mar 2022 12:07:35 GMT

GET
H2 200 computer-hardware-engineers-shutterstock-350350565.jpg
www.zdnet.com/a/img/resize/97e476fc8e10465b6797df7ef4912d1d35ace5cf/2021/07/16/d002f610-9239-4a42-858a-21ee1bd2ef8a/ 4 KB
5 KB 134ms
133ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/97e476fc8e10465b6797df7ef4912d1d35ace5cf/2021/07/16/d002f610-9239-4a42-858a-21ee1bd2ef8a/computer-hardware-engineers-shutterstock-350350565.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

2aa4cf14efe5be8dcc68990342cfc1ba315f39a741d95a6dcda94acbe47a1c23

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1272850 idim=1600x1069 ifmt=jpeg ofsz=4382 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 4382
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "zN5OZYcNWO5UztrCYW8vkzg6ck0BEae0pWDj8mmV4pE"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 16 Mar 2022 15:14:04 GMT

GET
H2 200 broadband.jpg
www.zdnet.com/a/img/resize/11f2c123e417a680aa303fe57bf7908fc50267ce/2020/09/11/307bba1e-8b34-4dff-a4cf-2ba35b0c2b47/ 2 KB
2 KB 139ms
137ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/11f2c123e417a680aa303fe57bf7908fc50267ce/2020/09/11/307bba1e-8b34-4dff-a4cf-2ba35b0c2b47/broadband.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

61f086756aed4f0a2be98ae39319d1e18bda3b6399068ec7873102566e2eb55b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=53906 idim=1200x900 ifmt=jpeg ofsz=1848 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599786903082355
fastly-stats: io=1
content-length: 1848
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ferqOLKrZkMhrTjdym06NEqA1+O38nGY2zm5+CsQlY8"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:22:17 GMT

GET
H2 200 google-pixelbook-go-review-best-chromebook.png
www.zdnet.com/a/img/resize/aa3d72fa504914a36ff2a36e1621d17548207f02/2021/02/01/b259b540-c3c3-41af-8f2f-9cf4299efa72/ 2 KB
2 KB 144ms
143ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/aa3d72fa504914a36ff2a36e1621d17548207f02/2021/02/01/b259b540-c3c3-41af-8f2f-9cf4299efa72/google-pixelbook-go-review-best-chromebook.png?width=170&height=128&fit=crop&format=pjpg&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ffbf4845fc3471d840d191a67d913432e9ca858429061b44994b7897bea01268

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=490799 idim=1600x1069 ifmt=png ofsz=2210 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1612213138221648
fastly-stats: io=1
content-length: 2210
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "XVp4+Pg0b0809RHYXvnkZMdt1BUq+6mWWJ2/FHRDcD0"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 15 Mar 2022 12:05:18 GMT

GET
H2 200 require-2.1.2.js Show response
www.zdnet.com/a/fly/js/libs/ 16 KB
6 KB 133ms
132ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/require-2.1.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
content-encoding: gzip
fastly-original-body-size: 6169
strict-transport-security: max-age=31536000
content-length: 6169
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Mar 2022 17:03:42 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "669a10228ab9baf88f9852e4cd0d1df4"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 07:25:15 GMT

GET
H2 200 inlineMedia_core.js Show response
static.myfinance.com/widget/ 146 KB
51 KB 236ms
82ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia_core.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8062685d744e0b56d816edd3d4b5b9b527927710a163273806b1ccc60393cb92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4020
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: H5F11YT6YPXFWHBJ
x-amz-id-2: hg8z/vZXoG3xkl/6NXiJ26yMFReVzPn2mIViaRVRmkxlZ7tLsuYjnqeNEWn+A+eslAewYXMMMjM=
last-modified: Fri, 25 Mar 2022 14:33:35 GMT
server: cloudflare
etag: W/"212beaa44d3fbd4a31e338d7852b84fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hy2Y844NanDcf0niTWXtcAQjBHBwlTxqVKOVEdMONg3H7166nvR10MP73PtbA1pRD0fbZU3d8GQaJmYEi5TgcTAv0OFWW581TTD1XV8Bogne%2FXYf6StkC%2B44%2FG1h2gfztCg37OsnPv6XAc7OqhXxHaMPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6f31600fdbe20fea-MRS

GET
H2 200 e70f246a-fd9b-4805-9fd4-fcd89020aca5.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/ 3 KB
2 KB 201ms
101ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/e70f246a-fd9b-4805-9fd4-fcd89020aca5.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: xkIaWO5Hr0+rNu9IdoYHdw==
age: 7309
vary: Accept-Encoding
content-length: 1425
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:53 GMT
server: cloudflare
etag: 0x8D94223473B0939
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f8b1f9ea-701e-0112-1715-b6aaaf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f31600f6e8301f8-ZRH
expires: Mon, 28 Mar 2022 19:24:53 GMT

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame 6341 205 KB
50 KB 153ms
51ms Script
application/javascript 2a02:26f0:6c00:1b8::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:53 GMT
Content-Encoding: br
Last-Modified: Sun, 12 Dec 2021 17:26:57 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

GET service-worker.js
www.zdnet.com/ Frame 0
0

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 inlineMedia.css
static.myfinance.com/widget/ 3 KB
2 KB 228ms
81ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3466
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: AEM3BRK9E0KAY9CV
x-amz-id-2: Bxo0Cqyj9h7zXEohPYPpajizd+Hquh5OIVjGXgRVLidXxBjnZSdzq2fFb9gNBCmIyV9nPgdmeS4=
last-modified: Mon, 12 Jul 2021 14:22:18 GMT
server: cloudflare
etag: W/"528a38ce39fc58a866c1226253bbb189"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aq37pGck3%2BLYIP54UG5qM3AJl6AB9SVBDSvathkLUMtNK1jntX9Y5Vvhn9rYnjcZr4Qk5ZFBb7vrkxyZ2QlSmc2FFejl60DjZk8GIGlwzD8fmopKiMZeSosCap2Zft0FWBKB%2B2mUGdCiZqW%2FPDxVFS1Bdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6f31600fdbe50fea-MRS

GET
H2 200 logo.png
www.zdnet.com/a/fly/1648477630-asset/bundles/zdnetcss/images/core/ 4 KB
4 KB 131ms
131ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1648477630-asset/bundles/zdnetcss/images/core/logo.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-c2c412b9d6-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-c2c412b9d6-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-original-body-size: 4105
content-length: 4105
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:33 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Apr 2022 14:31:44 GMT

GET
H2 200 Regular.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 128ms
128ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Origin: https://www.zdnet.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20256
x-xss-protection: 1; mode=block
last-modified: Thu, 03 Mar 2022 15:19:47 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2d636d9395b2da27ce67040250333ca4"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Mar 2023 15:27:21 GMT

GET
H2 200 Semibold.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 123ms
123ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Origin: https://www.zdnet.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:52 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20344
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 16:33:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 06:32:04 GMT

GET
H2 200 main.default.js Show response
www.zdnet.com/a/fly/239530-fly/js/ 222 KB
70 KB 77ms
77ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/239530-fly/js/main.default.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f58a1e195a2dc8dd315222fd5696360dc47624eb43f39fab902fc13415ea3704

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
fastly-original-body-size: 71519
strict-transport-security: max-age=31536000
content-length: 71519
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "81ebc2a724195e519508655fad669439"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Apr 2022 14:31:44 GMT

GET
H2 200 ring-animated.svg
www.zdnet.com/a/fly/1648477630-asset/bundles/zdnetcss/images/video/ 704 B
847 B 82ms
82ms Image
image/svg+xml 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1648477630-asset/bundles/zdnetcss/images/video/ring-animated.svg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-c5a43d6b48-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-c5a43d6b48-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 704
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 20:08:31 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5f87ac7f571b5a0b1cdc101b49cdc8de"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Apr 2022 13:58:57 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 177 B
452 B 172ms
76ms XHR
application/json 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97551120a31b768832ec633d33187a4273e9f4073386de563b0df8ec285a052c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f316010abc901eb-ZRH
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 6341 2 KB
1 KB 133ms
49ms XHR
application/json 2a02:26f0:6c00:1b8::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5494937&v=1.720.0&if=&sl=0&si=e771f923-e27a-462c-8707-72b07f1c36ad-r9go5g&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 2ec64e196d4c59eb37ca6184a80c69bb989a12c64cca1243aa4ad83630cfb471

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:53 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 802

GET
H2 200 bidbarrel-zdnet-rv.min.js Show response
at.adtech.redventures.io/lib/dist/prod/ 491 KB
148 KB 107ms
38ms Script
application/javascript 151.101.66.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://at.adtech.redventures.io/lib/dist/prod/bidbarrel-zdnet-rv.min.js?adaptive=true
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f808f80e0a6828022228c0fcd89ff0a7338bc5f6a7ce891327f7e51bc3d46d06

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
via: 1.1 337c92db4f8666e0ac53ab530546daa6.cloudfront.net (CloudFront), 1.1 varnish
fastly-original-body-size: 502570
age: 291
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 150641
x-served-by: cache-lcy19270-LCY
last-modified: Tue, 22 Feb 2022 18:12:52 GMT
server: AmazonS3
x-timer: S1648481093.249138,VS0,VE1
etag: "884860ff0a347f6d5ef39ade0d7af3f2"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=900, public, must-revalidate
x-amz-cf-pop: LHR62-C5
accept-ranges: bytes
x-amz-cf-id: B8cjSJr3Sw70Kx2Ar7vPG3IEpw0NoIw3wd-2lWTrKMXS6_4b3vls_Q==
x-cache-hits: 1

OPTIONS
H2 204 record
a.myfidevs.io/ Frame 0
0 371ms
118ms Preflight 52.5.114.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.5.114.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-114-199.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: *
server: Python/3.7 aiohttp/3.7.4.post0

OPTIONS
H2 200 v1.5
www.myfinance.com/api/au/ Frame 0
0 652ms
474ms Preflight
text/html 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvdGhpcy1uZXctcmFuc29td2FyZS1oYXMtYmVlbi1zcG90dGVkLWluLXR3by12ZXJ5LWRpZmZlcmVudC1hdHRhY2tzLXNheS1yZXNlYXJjaGVycy8=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-type: text/html; charset=utf-8
vary: Origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken, x-api-key, Access-Control-Allow-Origin
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-max-age: 86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nnVazvrteiN2RwFIRvoIJ4SYIoZ3Un7WjHm7727CzEWSoT18qyc%2BdpvFSWMdtltmLE0mrO2SeKrUoNsSisURTzLzPGvrOSx7tBz02YGZnzviPedvsB3uIyCRLEHLqsNv7XkL0DNhVAAW2i%2B0hadZbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6f316011b9f541e4-MRS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 204 record Show response
a.myfidevs.io/ 0
166 B 431ms
431ms XHR
text/plain 52.5.114.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.5.114.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-114-199.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
x-api-key: yuH27H1QId6afXAojow6Tafi7Vw9v1spaLD5Yznw
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 28 Mar 2022 15:24:53 GMT
access-control-allow-credentials: true
server: Python/3.7 aiohttp/3.7.4.post0
access-control-allow-headers: *
access-control-allow-methods: POST

POST
H3 200 v1.5 Show response
www.myfinance.com/api/au/ 1 KB
1 KB 428ms
325ms XHR
application/json 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvdGhpcy1uZXctcmFuc29td2FyZS1oYXMtYmVlbi1zcG90dGVkLWluLXR3by12ZXJ5LWRpZmZlcmVudC1hdHRhY2tzLXNheS1yZXNlYXJjaGVycy8=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46121707e9fb86efdb7b5ff4f20339e3331d05990c08d82d6541f98ff080ac06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-type: application/json
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
allow: POST, GET
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJsWqDCaRci1og8Z3uHKcyToQNTIVD%2Bbk0anzjcD5xDcF7fXPel1oQL5%2FrfL4hZJyhAknMDzqynWAwlkMEGsIC5jneaQt%2FsUzf0xB2hAhB2B1foujm5jjHlRvMtsYZQImVK4IoKQfvWGQCwyV2cDCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language: en-us
access-control-allow-origin: https://www.zdnet.com
vary: Accept, Accept-Language, Origin, Cookie
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
cf-ray: 6f3160154fee73bb-MRS
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 213ms
127ms Script
application/javascript 34.120.203.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://urs.zdnet.com/sdk/urs.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.203.121 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

121.203.120.34.bc.googleusercontent.com

Software

Resource Hash

fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
via: 1.1 google
last-modified: Tue, 12 Jan 2021 17:00:48 GMT
etag: "5ffdd5c0-c803"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51203

GET
H2 200 mpulse-1.0.2.js Show response
www.zdnet.com/a/fly/js/libs/ 61 KB
12 KB 79ms
78ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/mpulse-1.0.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
fastly-original-body-size: 12449
strict-transport-security: max-age=31536000
content-length: 12449
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Mar 2022 19:25:40 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "4eee168f1987b7306a427e129547708f"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Mar 2022 06:23:46 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.20.0/ 376 KB
84 KB 57ms
57ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/otBannerSdk.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jOOTzA5W9ewbfwCUPpt/mw==
age: 13879033
vary: Accept-Encoding
content-length: 86053
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:48 GMT
server: cloudflare
etag: 0x8D941124BEC2620
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e931c12c-a01e-015f-1d6c-c46c4d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f3160112d5523f7-ZRH

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 59ms
59ms XHR
application/json 2a02:26f0:6c00:1b8::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1648481093294&s=ad28d6bd1932aa0b96ca4ee34cd5be49b863cda14a0e94f68aca95a26ea1a601
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 65bb54091a85215c0ca4103c58e059906b147fd0489904387f3f9eef4a2f795a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:53 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 877

OPTIONS
H2 200 diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ Frame 0
0 218ms
158ms Preflight
text/html 151.101.66.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cat,content-type,variant,version
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: *
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-cloud-trace-context: c3b2ef91d9ae888d844d227db06c2b99
server: Google Frontend
accept-ranges: bytes
date: Mon, 28 Mar 2022 15:24:53 GMT
via: 1.1 varnish
x-served-by: cache-lcy19280-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1648481093.442058,VS0,VE103
vary: Accept-Encoding, Origin
content-length: 8

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/ 184 KB
36 KB 99ms
30ms Script
text/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 623adb3da1c01c0bbfaf6f6c63e098944ac1c965dda0a61318cb0c4d280de346

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:53 GMT
Content-Encoding: gzip
Age: 3196
X-Cache: HIT
Connection: keep-alive
Content-Length: 36178
x-amz-id-2: 2wyQCIg4GEy3CMPjQP5QeHINkhZDpniFmfI+qhiIIaCTthJIMdY8IPGcPDAn4v2h5rhYW/Ld65A=
X-Served-By: cache-lcy19256-LCY
Last-Modified: Mon, 28 Mar 2022 14:03:50 GMT
Server: AmazonS3
X-Timer: S1648481093.436444,VS0,VE0
ETag: "253eb69d876305f063be52dffa830b5e"
x-amz-request-id: KN9YZMJY2F9SZ37Y
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 167

GET
H2 200 diff Show response
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ 5 KB
1 KB 30ms
30ms Fetch
application/json 151.101.66.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

9b611edb408ed2ab7b99df623098bd1cddfdb9d04cf594bee045fdb49136f42b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

cat: itQA9K1qg
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
variant: core
version: rv2.26.2

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
fastly-original-body-size: 1061
age: 418
x-dns-prefetch-control: off
x-cache: HIT
ttl: 900s
content-length: 1061
x-xss-protection: 1; mode=block
x-served-by: cache-lcy19280-LCY
access-control-allow-origin: *
server: Google Frontend
x-timer: S1648481094.601190,VS0,VE0
x-frame-options: SAMEORIGIN
date: Mon, 28 Mar 2022 15:24:53 GMT
x-download-options: noopen
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: df430fe026bea3c4c01d277c4305bc27
cache-control: max-age=900
etag: W/be99ac60cb5fd46cb51b94268e076d13a9108c7c
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 2

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 171ms
79ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

5f4c791492ebdba5b3510d1f4cc6294e09840872775a31e3a57f4fd1715b2e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28079
x-xss-protection: 0
server: sffe
etag: "1171 / 490 of 1000 / last-modified: 1648465662"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 28 Mar 2022 15:24:53 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/ 93 KB
20 KB 57ms
57ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/en.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AlmWtxV11YCExQkuyz0PJA==
age: 1178
vary: Accept-Encoding
content-length: 20136
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:59 GMT
server: cloudflare
etag: 0x8D942234AE979B3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1407d26d-801e-004c-5320-b61ff9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f316011eabb01f8-ZRH
expires: Mon, 28 Mar 2022 19:24:53 GMT

GET
H2 200 article-8269acd0ae-rev.js Show response
www.zdnet.com/a/fly/js/pages/ 102 KB
26 KB 80ms
79ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/pages/article-8269acd0ae-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

77534605d7f4bf6131511e44b4da078721199a58ed38e00b2d26cb97fc9e4a7f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 26942
x-xss-protection: 1; mode=block
last-modified: Wed, 23 Mar 2022 22:22:15 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "4637b2fc4a9f3ffbd98d8358b7ad1954"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Mar 2022 08:13:13 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.20.0/assets/ 13 KB
3 KB 61ms
61ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/assets/otFlat.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /OL7qnwFOarng5AW29V9Pw==
age: 6646
vary: Accept-Encoding
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:42 GMT
server: cloudflare
etag: 0x8D94112485FC2D3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 1b928500-b01e-014b-640d-3caf29000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f3160126ba301f8-ZRH

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/ 194 KB
62 KB 30ms
30ms Script
application/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b87e1e984e53a35730068f747f4dff21e19b8ef2ca6f8da54c75b6c783198a35

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:53 GMT
Content-Encoding: gzip
Age: 253
X-Cache: HIT
Connection: keep-alive
Content-Length: 63275
x-amz-id-2: sgSJO7cX7cNLyqri+JcnaQ6VYTPGmevFHUK3hVlSbRvZrHpr06Hu84n9aD279ZCGxaQOzgJrX4M=
X-Served-By: cache-lcy19256-LCY
Last-Modified: Wed, 23 Mar 2022 16:44:40 GMT
Server: AmazonS3
X-Timer: S1648481094.505253,VS0,VE0
ETag: "a115403df16b82701dfc93fe35b84161"
x-amz-request-id: 7J6FZ233HAM77PWJ
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 327

GET
H2 200 cohesion-latest.min.js Show response
cdn.cohesionapps.com/cohesion/ 80 KB
22 KB 169ms
52ms Script
text/javascript 108.157.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-76.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a89fefe62a3aefdaae686026c0fe9b8f65206929032b1b905b9ddf6fac51c7c5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: W/"e10a18dc45998ad744bcb5ad1b678b1c"
last-modified: Thu, 17 Mar 2022 12:04:26 GMT
server: AmazonS3
age: 12019
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
date: Mon, 28 Mar 2022 12:04:34 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: KXKMvAkxclSqK1AZvRK-Y7c--ZcYNyxGoq-WmNTO6TRbsHW6SGwKzQ==

GET
H2 200 pubads_impl_2022031601.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
124 KB 43ms
43ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 725
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126823
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 08:34:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 15:12:48 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 231 B
157 B 100ms
50ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

2886024326f8c892924608e6c122a0cc1f5aac234944c962d5a1e474622e81ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132
x-xss-protection: 0
expires: Mon, 28 Mar 2022 15:24:53 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/redventuresgamheader644747280705/ 241 KB
83 KB 136ms
45ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 13675f970d6dfb0e12a632a85dc3c63ab511d64165770d11c1c09c5868cd0649

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-akamai-origin-object-size: 84049
last-modified: Fri, 25 Mar 2022 21:18:02 GMT
server: AmazonS3
x-amz-request-id: PVEX3ZBQFV6D2PQ2
etag: "33e1acc26c7bf4888dbc924de591e629"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=60266
accept-ranges: bytes
content-length: 84049
x-amz-id-2: 4cAhBwZ1JlyuQLhnCSC9Wh5IbhgIy1Yzl1C3snwFjehh6qaM4jhmscw8spTIMnQVjqVZeextl5k=

GET
H/1.1 204
No Content / Show response
02179912.akstat.io/ 0
354 B 174ms
78ms XHR
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://02179912.akstat.io/?h.pg=article&when=1648481093745&cdim.Site_View=desktop&t_other=custom4%7C841&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=fdf42ab324bd160929bba3f8d595677c2146281f-7eb095cf-2192eff8&h.t=1648481093326&http.initiator=api&rt.start=api&rt.si=8a46d098-821b-4765-8bed-74a4729f2fae&rt.ss=1648481094716&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Mar 2022 15:24:53 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Mon, 28 Mar 2022 15:24:53 GMT

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 141ms
50ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 141ms
50ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
16 KB 492ms
491ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=997831255783694&correlator=3785146385175024&eid=44742767%2C31065657%2C44755510&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=22309610186%2Caw-zdnet%2Cinnovation%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%7C970x66%7C5x5%2C300x250%7C300x600&ifi=1&adks=2152545444%2C192557409&sfv=1-0-38&ecs=20220328&fsapi=false&prev_scp=pos%3Dnav%26sl%3Dnav-ad-plus-leader%253FT-1000%26iid%3Dunit%253Dnav-ad-plus-leader%257Cvguid%253D126499e8-0f95-45b8-9335-0c8e6ebb264a%257Cpv%253D1%7Cpos%3Dtop%26sl%3Dmpu-plus-top%253FT-1000%26iid%3Dunit%253Dmpu-plus-top%257Cvguid%253D126499e8-0f95-45b8-9335-0c8e6ebb264a%257Cpv%253D1&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Ccybersecurity%26tag%3Dcyber-security%252Cransomware%252Ctarget%252Cmalware%252Cmicrosoft%26mfr%3Dsophos-inc%252Cmicrosoft%26pid%3Dmicrosoft-exchange-server%252Cmicrosoft-teams%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%252Csocial_user%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dc%26pv%3D1%26vguid%3D126499e8-0f95-45b8-9335-0c8e6ebb264a&sc=1&cookie_enabled=1&abxe=1&dt=1648481093821&lmt=1648480964&dlt=1648481092709&idt=1060&biw=1600&bih=1200&adxs=436%2C1050&adys=50%2C478&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x100%7C370x280&msz=1600x100%7C370x30&fws=4%2C4&ohw=1600%2C370&ga_vid=261699053.1648481094&ga_sid=1648481094&ga_hid=1237797121&ga_fc=false&btvi=0%7C0&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

487bba16b1bba94c09965327cac0c9f60e652fc452284f32a6203cfb730d85f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16393
x-xss-protection: 0
google-lineitem-id: 5944704717,5929908675
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138384207765,138382842584
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 00F0 6 KB
4 KB 159ms
50ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 28 Mar 2022 15:24:53 GMT
expires: Tue, 28 Mar 2023 15:24:53 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
12 KB 467ms
466ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=997831255783694&correlator=3671711923561157&eid=44742767%2C31065657%2C44755510&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=22309610186%2Caw-zdnet%2Cinnovation%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=3&adks=2703023599&sfv=1-0-38&ecs=20220328&fsapi=false&prev_scp=pos%3Dmiddle%26sl%3Dmpu-middle%253FLL%257CT-1000%26iid%3Dunit%253Dmpu-middle%257Cvguid%253D126499e8-0f95-45b8-9335-0c8e6ebb264a%257Cpv%253D1&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Ccybersecurity%26tag%3Dcyber-security%252Cransomware%252Ctarget%252Cmalware%252Cmicrosoft%26mfr%3Dsophos-inc%252Cmicrosoft%26pid%3Dmicrosoft-exchange-server%252Cmicrosoft-teams%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%252Csocial_user%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dc%26pv%3D1%26vguid%3D126499e8-0f95-45b8-9335-0c8e6ebb264a&sc=1&cookie_enabled=1&abxe=1&dt=1648481093853&lmt=1648480964&dlt=1648481092709&idt=1060&biw=1600&bih=1200&adxs=1050&adys=1358&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=370x30&msz=370x30&fws=4&ohw=370&ga_vid=261699053.1648481094&ga_sid=1648481094&ga_hid=1237797121&ga_fc=false&btvi=1&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4faeb02bc31cc4e8f184d6d77695ef67ccdf56181db8793dea79d198dec725ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11931
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 656 B
831 B 136ms
47ms Script
text/html 3.11.184.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&pcode=redventuresgamheader644747280705&rx=516590785093&callback=MoatNadoAllJsonpRequest_97323662
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.184.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-184-36.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 6c04f544bb533555bdddb084e81afe80c345226bc2a6e61052a593091e4481e7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "8f43c34810126f83b29567e355ba59114cee009b"
content-length: 656
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 84 B
257 B 100ms
35ms Script
text/html 18.170.11.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=https%3A%2F%2Ft.co&t=1648481093964&de=884876854585&rx=516590785093&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=1&cb=0&cu=1648481093964&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A1100%3A1100%3A0%3A1045&jk=-1&jm=-1&fs=197910&na=1558439216&cs=0&ord=1648481093964&jv=1317961687&callback=DOMlessLLDcallback_97323662
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.11.184 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-11-184.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 0b6ea1010408810a2b9664df1d8f99b4aaaa56874e855d68c32c06c5cf1e229d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "862d41d4c095eabc1f9784f998a35330052fb12c"
content-length: 84
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 86 B
260 B 98ms
34ms Script
text/html 18.170.11.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=https%3A%2F%2Ft.co&t=1648481093964&de=884876854585&rx=516590785093&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=2&cb=0&cu=1648481093964&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A1100%3A1100%3A0%3A1045&jk=-1&jm=-1&fs=197910&na=742217809&cs=0&callback=MoatDataJsonpRequest_97323662
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.11.184 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-11-184.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 597a7092a8496359ef540218f25e3db91b9eb7c2edd6ad8f4b69c74b755b8951

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "d4465deddcfdf89a787efc02339cbebcf9a66a14"
content-length: 86
content-type: text/html; charset=UTF-8

GET
H2 200 nr-spa-1215.min.js Show response
js-agent.newrelic.com/ 47 KB
18 KB 92ms
30ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1215.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-amz-version-id: zcmP9QP8YWQtiPZETZozJGQXbXQvWuWT
content-encoding: gzip
etag: "7e1862f7a390ed9fc02c299216395547"
x-amz-request-id: 5YB8P1TTGHSSH29M
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 17465
x-amz-id-2: xDEqOr+SZzR3E9CfzL4TSg15A/4Egxs3EI/mGNuVsJocvRJ6pT2DBxhDvoMe/m6w2zZK2c7kmtQ=
x-served-by: cache-lcy19248-LCY
last-modified: Mon, 24 Jan 2022 22:13:54 GMT
server: AmazonS3
x-timer: S1648481094.223861,VS0,VE0
date: Mon, 28 Mar 2022 15:24:54 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11085

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
11 KB 149ms
56ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031601&st=env

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4d57615054d0cf76fad7d4880b4cba6ee4aa99d2b5616af3bd0a902691af24f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10466
x-xss-protection: 0

GET
H2 200 / Show response
www.zdnet.com/components/breaking-news/xhr/ 1 KB
1 KB 230ms
230ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4f3dc9d29a35afae0ff09c2203694bb51c6da1e68f07a2ce2496cefc6553265b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-3a4a27555f2fcdfa----1648481094169
traceparent: 00-fc38f1371976048011a9928fe9ac80a0-3a4a27555f2fcdfa-01
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiM2E0YTI3NTU1ZjJmY2RmYSIsInRyIjoiZmMzOGYxMzcxOTc2MDQ4MDExYTk5MjhmZTlhYzgwYTAiLCJ0aSI6MTY0ODQ4MTA5NDE2OSwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Mar 2022 15:04:33 GMT
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFtcXRQODFJfQzkGQ1NSCQ8NBW8MXRVLGhgCHVUJUQFRH1JKBgRTXloUHgFIQ1AGAwYCAQBXUgcCUlFSBwFAFF5VXkAAZA==
x-frame-options: SAMEORIGIN
date: Mon, 28 Mar 2022 15:24:54 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: af9b2282-8c41-4c03-8a2a-6c198061deb7
content-type: application/json
via: 1.1 varnish
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Mon, 28 Mar 2022 16:34:33 GMT

GET
H2 200 track-cwv-72dfb3ae38-rev.js Show response
www.zdnet.com/a/fly/js/components/ 239 B
439 B 70ms
70ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/track-cwv-72dfb3ae38-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 199
strict-transport-security: max-age=31536000
content-length: 199
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Mar 2022 17:03:49 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "143a648fb764ee1f43c5346329049d32"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 08:44:50 GMT

GET
H2 200 author-modal-5b949f9436-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
536 B 70ms
70ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/author-modal-5b949f9436-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7f1639eeb6e3eb3e2de52c35e650ac2fe53ea34ee8e8cac73807facad51e9b7f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 435
strict-transport-security: max-age=31536000
content-length: 435
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Mar 2022 17:03:49 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3b2078863d15783afd171d92a197e160"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 08:42:27 GMT

GET
H2 200 zdnet-video-ea6f24fc09-rev.js Show response
www.zdnet.com/a/fly/js/components/ 31 KB
10 KB 73ms
73ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/zdnet-video-ea6f24fc09-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 9744
x-xss-protection: 1; mode=block
last-modified: Wed, 23 Mar 2022 22:22:14 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "8d2b4bdc090764139c10220132a30e9b"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Mar 2022 08:33:57 GMT

GET
H2 200 disqus-loader-f09d8d6993-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
823 B 73ms
73ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/disqus-loader-f09d8d6993-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3c591927cc6254cd17a33c78e3293b8456851a88c736b300647f7d263dd31740

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 703
strict-transport-security: max-age=31536000
content-length: 703
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Mar 2022 19:25:48 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "d006833be12fb9b3dee223c496765137"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Mar 2022 06:31:18 GMT

GET
H2 200 front-door-carousel-dcdcc78ebc-rev.js Show response
www.zdnet.com/a/fly/js/components/ 5 KB
2 KB 73ms
73ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/front-door-carousel-dcdcc78ebc-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 1651
strict-transport-security: max-age=31536000
content-length: 1651
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Mar 2022 17:03:49 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "0fe98a834e962e4ae820b0a7a9c98e39"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 07:09:46 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
1 KB 272ms
271ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

79eb8af49a0f2eea9291e3381bcc330730b4ce45f892dd618d63000e9425c190

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-e16332207269d941----1648481094175
traceparent: 00-978783d589fe32aedfc3be4a0f27ac40-e16332207269d941-01
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiZTE2MzMyMjA3MjY5ZDk0MSIsInRyIjoiOTc4NzgzZDU4OWZlMzJhZWRmYzNiZTRhMGYyN2FjNDAiLCJ0aSI6MTY0ODQ4MTA5NDE3NSwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IBgVRUk4aABtEUVUACgdTAgNSVghaDAgDVhFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Mon, 28 Mar 2022 15:24:54 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 6b64c00b-0158-409e-a0ee-1546c704d6ef
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 core-web-vitals-16efe3ae21-rev.js Show response
www.zdnet.com/a/fly/js/managers/ 545 B
485 B 70ms
70ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/managers/core-web-vitals-16efe3ae21-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 366
strict-transport-security: max-age=31536000
content-length: 366
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Mar 2022 17:03:50 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5768c32212c2a75ed48eec0167af077a"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 11:04:45 GMT

GET
H2 200 video-58056d34a8-rev.js Show response
www.zdnet.com/a/fly/js/translations/ 704 B
586 B 69ms
69ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/translations/video-58056d34a8-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 452
strict-transport-security: max-age=31536000
content-length: 452
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Mar 2022 17:03:50 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "c08bd75a587d677a32f01b115bed2332"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 08:20:22 GMT

GET
H2 200 video-player.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/ 933 KB
248 KB 72ms
72ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/video-player.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 253770
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5c5fa9a5d2e282f0d520cd290ff4328d"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 20 Mar 2022 02:02:24 GMT

GET
H2 200 waypoints.inview.js Show response
www.zdnet.com/a/fly/js/libs/jquery/ 3 KB
1 KB 69ms
69ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/jquery/waypoints.inview.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 829
x-xss-protection: 1; mode=block
last-modified: Wed, 23 Mar 2022 22:22:07 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1441bf57e94928bbe0faf7de0ebfea1c"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Mar 2022 07:41:40 GMT

GET
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/1/ 49 B
715 B 355ms
303ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1215.1253ab8&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=2386&ck=1&ref=https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/&ap=395&be=859&fe=2276&dc=1045&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1648481091870,%22n%22:0,%22f%22:335,%22dn%22:336,%22dne%22:367,%22c%22:367,%22s%22:446,%22ce%22:518,%22rq%22:518,%22rp%22:835,%22rpe%22:991,%22dl%22:839,%22di%22:1046,%22ds%22:1046,%22de%22:1046,%22dc%22:2276,%22l%22:2277,%22le%22:2286%7D,%22navigation%22:%7B%7D%7D&fp=1099&fcp=1099&at=GkEWQAhCSx5HAxIDThwe&jsonp=NREUM.setToken
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:54 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6f316017a82e54bd-MAN

GET
H2 200 show-hide-1.0-2b8cfc35ab-rev.js Show response
www.zdnet.com/a/fly/js/components/ 2 KB
828 B 115ms
114ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/show-hide-1.0-2b8cfc35ab-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

1a703d617fb31d56238372d5bf78e9861b3a09b7447a0184bd5f1c178461ed12

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
fastly-original-body-size: 710
strict-transport-security: max-age=31536000
content-length: 710
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Mar 2022 19:25:48 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "538106dad5c02bdda844109ead1504a0"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Mar 2022 07:20:53 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 107ms
57ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 105ms
55ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 103ms
102ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=997831255783694&correlator=2961791018643446&eid=44742767%2C31065657%2C44755510&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=22309610186%2Caw-zdnet%2Cinnovation%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=4&adks=2231921556&sfv=1-0-38&ecs=20220328&fsapi=false&prev_scp=pos%3Dbottom%26sl%3Dmpu-bottom%253FLL%257CT-1000%26m_gv%3D70%2C60%2C50%2C40%2C30%2C20%2C10%26m_mv%3D80%2C70%2C60%2C50%2C40%2C30%2C20%2C10%26iid%3Dunit%253Dmpu-bottom%257Cvguid%253D126499e8-0f95-45b8-9335-0c8e6ebb264a%257Cpv%253D1&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Ccybersecurity%26tag%3Dcyber-security%252Cransomware%252Ctarget%252Cmalware%252Cmicrosoft%26mfr%3Dsophos-inc%252Cmicrosoft%26pid%3Dmicrosoft-exchange-server%252Cmicrosoft-teams%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%252Csocial_user%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dc%26pv%3D1%26vguid%3D126499e8-0f95-45b8-9335-0c8e6ebb264a%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgb_spam_news-ent_up%252Cgb_spam_serious_up%252Cgb_crime_edu%252Cgv_download%252Cgs_science%252Cmoat_unsafe%252Cgv_crime%252Cgb_spam_serious%252Cgb_spam_edu%252Cgb_spam_edu_up%252Cgs_tech%252Cgs_tech_computing%252Cgb_measurable%252Cgs_science_misc%26m_mv%3DdataAvailable%26m_gv%3DdataAvailable&sc=1&cookie_enabled=1&abxe=1&dt=1648481094301&lmt=1648480964&dlt=1648481092709&idt=1060&biw=1600&bih=1200&adxs=1050&adys=1505&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=370x250&msz=370x30&fws=4&ohw=370&ga_vid=261699053.1648481094&ga_sid=1648481094&ga_hid=1237797121&ga_fc=false&btvi=2&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4793e27f34b18ece33fa9103882465a964b98a854cdd769d3ac888a8a28a23a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9910
x-xss-protection: 0
google-lineitem-id: 5688542871
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349983451
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 208ms
116ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7618 0
0 78ms
78ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu2UiaTZji7WSB3igr4TXccTB5W1NfyTJ8mzssCKHThG-rK4EKVlpzTuHW1Bf7UrBrr9ziiiTzsYASh4L2HpC7pGz135IRDyTwp6njGnb7Uwl7z8fWFkORzf7MdJxC6YPB4z2Thtptaf5JtXJmQoRqKn63T7h2xggq6RsXSQUduEZOIfAPdXumHS-3b0xqrpSpUtkpdYufMkcFIz1nN14-tfRqv3iPpEy1EPn79cuA_qVjAyrOzYKxHe1TMSUOoA-YCHb6VGbM_iXqysCtF_casENTlpeqTSCo18dUyDfp9n2VFIXOblGJAZCzC9jEuIfFtWD7GxLAiCEVbioSctq-t&sai=AMfl-YR6MHX4mh8abbbrtg1BxKmCA0TBSibK8L66J7yoaPfU135hNu36u5PrCSCghpo0mC_tkK1D3nPLZmNSIIiT1JmVpO_lQsbfCT8QJPdXOszSV1UubvXTPUFHZoTkXHc&sig=Cg0ArKJSzCaSmAugzd0PEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 ad.js Show response
clipcentric-a.akamaihd.net/ad/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/ Frame 7618 160 KB
43 KB 550ms
412ms Script
text/javascript 2.16.107.105
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://clipcentric-a.akamaihd.net/ad/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/ad.js?q=1629759099

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.107.105 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-107-105.deploy.static.akamaitechnologies.com

Software

Apache/2.2.34 /

Resource Hash

3f210c7931a7bdc2b9f19435668d32d6bb23c84dc661238452b1f33c2c0b2ec5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: br
last-modified: Thu Jan 1 00:00:00 1970
server: Apache/2.2.34
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: max-age=3600
content-length: 44122

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 7618 8 KB
4 KB 161ms
45ms Script
application/javascript 2a02:26f0:7100:29b::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js
Requested by: Host: t.co
URL: https://t.co/J3NaA4LXsi
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:29b::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ae9d517b524b7ab6eee037b323de049b49944e62d9cf213b69169c68e0f3d0e5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Mar 2022 05:41:02 GMT
Server: Microsoft-IIS/10.0
ETag: "02bd0686642d81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3302

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7618 119 KB
37 KB 175ms
82ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame 7618 337 KB
113 KB 51ms
51ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: t.co
URL: https://t.co/J3NaA4LXsi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1cb675a340facabb5ce9b7d58a7dd324d8b893ba0dd5f6528b947d4cc6c1f03d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 19:44:00 GMT
server: AmazonS3
x-amz-request-id: AZJNGWZ2Q8P5MZ51
etag: "e318040ca3fedf1870c2114cb0c09a08"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=54883
accept-ranges: bytes
content-length: 114662
x-amz-id-2: tj4sBSgqoNRYHtxKJJcLWmoWVwUjdbjoo1cVkebLFD2RR3XJiR4KLlW7bz4pSh/fwl16fCUxymI=

GET
H3

200

B27248518.330464835;dc_pre=CMyjuNCO6fYCFZ68dwodQ34DuA;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/ Frame 7618
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/B27248518.330464835;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr...
https://ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/B27248518.330464835;dc_pre=CMyjuNCO6fYCFZ68dwodQ34DuA;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_ch...

42 B
63 B

125ms
74ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/B27248518.330464835;dc_pre=CMyjuNCO6fYCFZ68dwodQ34DuA;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N30602.281526ZDNET2/B27248518.330464835;dc_pre=CMyjuNCO6fYCFZ68dwodQ34DuA;dc_trk_aid=522465152;dc_trk_cid=167573858;ord=907719058;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 56E0 0
0 81ms
80ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsse5WBWJtWP7sT2PuReMQQ80LAasiU1TlG6UYTX2qbFJgKp71uF_N81ufe91KoEIbPZSLN6viWJ9_DOS15CR0gbRsePbee1dIL0LO4BlMt3BTdtA4E-SzplMwP76LpZW1K8IjmNkUgyu_wVYh7zn-czbS_R-RAc5T7_DvoVOGL5pp7rPyMmfFGe3AOlOJnNuZJ8yLJQvhA-VVJJhoEUh8D1x6xqx09MJcvLzQFewMHmjYudxKLykEcJRQRSGQnVlzOp3l_5pv1YYu7uKvuCVfEQmZIXd5OKPnx6xxzr5Ytt3mliUxL8StK-jaEHUWZr9POMVix_oHhiw47mqCXf&sai=AMfl-YR7FynwhcI-turH323g6nBIS9lfUn0akWIZiQqhktRmbgcWKeLnQVeJP-6kv_3EfUOWy06VDUAeA3jpwYbUqYe0s0-QbVxsOHL-lg6uS7kzkIjP6KCmDWtqY-cLglU&sig=Cg0ArKJSzLrCnkZaiaJnEAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 56E0 2 KB
2 KB 79ms
41ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 14:52:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1937
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Apr 2022 14:52:37 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56E0 119 KB
36 KB 236ms
163ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame 56E0 337 KB
113 KB 77ms
76ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: t.co
URL: https://t.co/J3NaA4LXsi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1cb675a340facabb5ce9b7d58a7dd324d8b893ba0dd5f6528b947d4cc6c1f03d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 19:44:00 GMT
server: AmazonS3
x-amz-request-id: AZJNGWZ2Q8P5MZ51
etag: "e318040ca3fedf1870c2114cb0c09a08"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=54883
accept-ranges: bytes
content-length: 114662
x-amz-id-2: tj4sBSgqoNRYHtxKJJcLWmoWVwUjdbjoo1cVkebLFD2RR3XJiR4KLlW7bz4pSh/fwl16fCUxymI=

GET
H2 200 4612481032926559835
tpc.googlesyndication.com/simgad/ Frame 56E0 54 KB
55 KB 79ms
42ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4612481032926559835

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

694ea356ba8923d3c1570a97fd86caac39ef79023f69aca288bbc3999707dbc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 21:54:03 GMT
x-content-type-options: nosniff
age: 581451
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55528
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 20:08:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 21 Mar 2023 21:54:03 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012203150226000/ Frame 59F9 222 KB
62 KB 141ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 598468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62084
x-xss-protection: 0
server: sffe
date: Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fa1474a6dd6481f4"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Mar 2023 17:10:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 59F9 16 KB
6 KB 214ms
114ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 598468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
server: sffe
date: Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d91e62368f79b48d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Mar 2023 17:10:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 59F9 96 KB
29 KB 220ms
119ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 598468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
server: sffe
date: Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a9baa9802fa29d2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Mar 2023 17:10:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 59F9 5 KB
2 KB 243ms
143ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 308372
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
date: Fri, 25 Mar 2022 01:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3393210d007db9ca"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 25 Mar 2023 01:45:22 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 59F9 42 KB
13 KB 244ms
143ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 86439
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13669
x-xss-protection: 0
server: sffe
date: Sun, 27 Mar 2022 15:24:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "565eca32a909292d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 27 Mar 2023 15:24:15 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 59F9 6 KB
1 KB 154ms
52ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203231234/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:38:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 28 Mar 2022 15:24:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
345 B 197ms
51ms Image
image/png 18.196.6.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6MzAweDI1MA==&v=5&s=v31fv8i2iod&sb=-1&h=www.zdnet.com&cb=8746271&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODcwNzg2MDc1LCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.6.202 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-6-202.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Mar 2022 15:24:54 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 59F9 2 KB
3 KB 105ms
104ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 20596
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Mar 2022 09:41:38 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 59F9 295 B
416 B 104ms
103ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 19909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 29 Mar 2022 09:53:05 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 59F9 0
0 151ms
55ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS34bteB8q8TAto1iEyvi27Taft-mM3EnFJZ4Ywjm7V561N7uIdn4ifnmnL4GY_lvq9evOWYw7H15ntfgFQWq1aB5-8JQ
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 59F9 0
0 83ms
83ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8UcjRdNBYvPUN4Hd3wPTzLeoDZGSzKNpxvSisbsPt7fNuc0vEAEg97vHgwFgu4aAgNAKoAGZ0ZS0KMgBCakCvrW_45P7tT7gAgCoAwHIAwqqBOECT9DziPOWTDW8_RXDX4zYc18NwcaYqbgiUpvERZPyHGSYbvrqx46cTvH3V8wkk71zp356P1N4VGpOYl-qFE2eVzv_k_fZmb7WTL4wqzSM6kak8aQ5E-3qVSLTMqym8KWcJCsMrFtjLdbJmpxre438YauwcIMCL0I2leJ1gWSNLAg8uvMAxLB642BWrQJRp9eOu5tMhKQ7vcrDhAFyxpIUvruSe9fMLQujkh5GsTM6EgnLS9rVvYmX_9A0xu2FjWWqR9wxtvSfbrzeJZk-62Dbx6eBSS8DV_OdrG_RXpp0sgfInsUcQaKk9PG1Wt3i_TzKH98lJTZNSY9zymqgeFBrLQzZmCaOZ0oKuguU2kkaxJR7xHKtBB8iqrm1Hrjw2aBy6f2AdWTfU1SN4h-NmoMRKBDoBV8fvfrh9ONdBZwjo_EznCqG1pdpb7pCdxLFe3y19OVceRUlOvjmaL4OrYkwrePABImz7cj7A-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeZieWTA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJTvHNIICQiI4YAQEAEYHYAKA8gLAdgTDNAVAZgWAYAXAbIXHgocCAASFHB1Yi04ODIwMzYyNjA1NzExMTk2GMmbeg&sigh=0DmOkGT56ps&uach_m=[UACH]&template_id=484
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/11833926719445551853/ Frame 59F9 21 KB
22 KB 109ms
108ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11833926719445551853/downsize_200k_v1?w=400&h=209

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c28220799abe0a10a15769fa2400b402a0152726b6b9fde5fa7e9e21ba46715a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 13:01:57 GMT
x-content-type-options: nosniff
age: 267777
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22009
x-xss-protection: 0
last-modified: Wed, 16 Feb 2022 14:38:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Mar 2023 13:01:57 GMT

GET
DATA 200
OK truncated
/ Frame 59F9 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 59F9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66b46adfc69de4aef0618116a5b97e49bc6fdcefb054bef307f268bb0dd64a5c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 55ms
43ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=https%3A%2F%2Ft.co&t=1648481093964&de=611580092238&rx=516590785093&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=3&cb=0&cu=1648481093964&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&pe=1%3A1100%3A1100%3A2286%3A1045&jk=-1&jm=-1&fs=197910&na=1739738393&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9141 0
0 79ms
79ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstir2j05MmTHAuvf4CCcS2dfISMZeNbMqk7sjxDh68Yz2QuTMhj9EFQOceEEA8c_qc2PcW9viVqd--B8s_TBFw62uycjlkbM9NKZdgEBluqfo536JtI8vdH2YV_fkaycmyOd57WSsaBvUqi9vk0Eg85fKur-VpHlJ7J5e4q1wND8TPH_-jBJFyrzY5Gh-z6vqqvhqrh1hkiqnxbgJmwWfM2EsZsBpScw9jHtZw_LsPmOrRwMeGgU-oWLmrmgoKHYrZxbD2rcOdZFUjXY6V-bXOqDY3OhEypuwUreeo6pZzh4qf0G-Ns7_CkFsZ_hsnkxkGq0nkWmp9YOEg&sai=AMfl-YTbVEKNTOJDi7YoCvPRTIOkfgUTn603KeolKW3GTPuePLj5IsfRt4HvY2HLXStpahH4lrlbe_GNq3omeWTXKsitWpgNd7JobH9atWDXEU0p3wsbXiBNsME6Z0bL9Atm&sig=Cg0ArKJSzL-ZzVcNXSBIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9141 82 KB
27 KB 111ms
110ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

5f4c791492ebdba5b3510d1f4cc6294e09840872775a31e3a57f4fd1715b2e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28079
x-xss-protection: 0
server: sffe
etag: "1171 / 350 of 1000 / last-modified: 1648465662"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9141 119 KB
36 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame 9141 337 KB
113 KB 50ms
50ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: t.co
URL: https://t.co/J3NaA4LXsi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1cb675a340facabb5ce9b7d58a7dd324d8b893ba0dd5f6528b947d4cc6c1f03d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 19:44:00 GMT
server: AmazonS3
x-amz-request-id: AZJNGWZ2Q8P5MZ51
etag: "e318040ca3fedf1870c2114cb0c09a08"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=54883
accept-ranges: bytes
content-length: 114662
x-amz-id-2: tj4sBSgqoNRYHtxKJJcLWmoWVwUjdbjoo1cVkebLFD2RR3XJiR4KLlW7bz4pSh/fwl16fCUxymI=

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
955 B 233ms
232ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

27c4c3f3cef45e73dba278fa644b66b5f3350f4d72d3c0fd384ee19bff01b271

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-bf4086e6bc3039b3----1648481094515
traceparent: 00-8bc034f7cc3c12de9d06a9483e625af0-bf4086e6bc3039b3-01
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiYmY0MDg2ZTZiYzMwMzliMyIsInRyIjoiOGJjMDM0ZjdjYzNjMTJkZTlkMDZhOTQ4M2U2MjVhZjAiLCJ0aSI6MTY0ODQ4MTA5NDUxNSwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IAAZdUE4aABtEVAEFBABXVQMDUg1VCwAFARFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Mon, 28 Mar 2022 15:24:54 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 80ba65e3-f2de-407d-92f0-c3585722fb77
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H/1.1 200
OK dv-measurements2439.js Show response
cdn.doubleverify.com/ Frame 5B98 513 KB
95 KB 52ms
52ms Script
application/javascript 2a02:26f0:7100:29b::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements2439.js
Requested by: Host: t.co
URL: https://t.co/J3NaA4LXsi
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:29b::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 2f2668f538fd2169ea4cd0341da6b502f9bb741adc42cdbeb546b41b1fafda60

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 15:24:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Mar 2022 04:14:03 GMT
Server: Microsoft-IIS/10.0
ETag: "80f7b425a42d81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 97027

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 713C 13 KB
5 KB 96ms
42ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Mar 2022 15:22:47 GMT
expires: Tue, 28 Mar 2023 15:22:47 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 127
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6040 783 B
1002 B 104ms
78ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6c078b3079c5be6998624a45b53b0342271216cd2cd0685afa5a9868c08494c7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yWixVk5Bi+3ybmTRF1Db7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 28 Mar 2022 15:24:54 GMT
date: Mon, 28 Mar 2022 15:24:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-yWixVk5Bi+3ybmTRF1Db7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 59F9 15 KB
16 KB 136ms
41ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.zdnet.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 501419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Mar 2023 20:07:55 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 59F9 15 KB
15 KB 146ms
53ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.zdnet.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 11:22:37 GMT
x-content-type-options: nosniff
age: 446537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 11:22:37 GMT

GET
DATA 200
OK truncated
/ Frame 7618 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab22fb06853c9f40bd176af7285ac49a03e20a8aeb7b796421eb2aebcfddb51d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 45ms
44ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1648481094612&de=873930616549&m=0&ar=b4c2745aeba-clean&iw=5a3884c&q=7&cb=0&ym=0&cu=1648481094612&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5041399663%3A2992948681%3A5944704717%3A138384207765&zMoatW=5&zMoatH=5&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1100%3A1100%3A2286%3A1045&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=197895&na=1742698295&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H3 200 pubads_impl_2022031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9141 365 KB
124 KB 42ms
41ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 726
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126823
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 08:34:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 15:12:48 GMT

GET
DATA 200
OK truncated
/ Frame 9141 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea76404cf0e0a0b77894169bd63bd5be869c621c33eabcb68be0fb1361ee418

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 56E0 0
0 78ms
77ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstbNvO0x5147TqLEtwe3oACk1O3-vXbiuwWSWJCbsk_PeDc_0C77h0uihiviMlXtUkGeX_2jb_Y9MXD-iAcG-KbFhPcDviLH4ISC4FKGH7GRwBYR8eYEsFdMb1VLY5Uw_9X4WSusi7eXt0YGUkXgfGkRDq_6ex0nu7UqyUNK8vkB6e0wiLCoHVC8nqRLnlNEt-eg057-J3J-am5FN8CoIQULvqMgHq8JCoxWqwnOhdORhiInlp5AUvwDTEOR_CepTYwZlgw1HtHlibR9aXJhKAVutdrpNQ2LNxo72SwWh1P6DW3RUzTLMjThmP_JPOwLwNJL-fC1D8X3188hJd8Dps&sai=AMfl-YQkwSLC6yW1FlFd1Dk4flv3hD0ze_pvdQqBDc9NmtAg-M926Vr98h1hdu7VhJKRIpCGDEUCwy2_Czt-ClYOutHL9Nefod5sRTKP1iWpsrMFIqpFo0j0cZtZBBRhQzM&sig=Cg0ArKJSzGaZyYGGyXn5EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
DATA 200
OK truncated
/ Frame 56E0 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 28020915b2e554ce93ee3bf8088afb400ef0765058902448cddcbd8de8222681

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 141ms
41ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5070475830&L2id=2986437098&L3id=5929908675&L4id=138382842584&S1id=22308610192&S2id=22364980500&ord=1648481094697&r=655614722382&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=top&zMoatPT=article&zMoatSL=mpu-plus-top%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 141ms
42ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5070475830&L2id=2986437098&L3id=5929908675&L4id=138382842584&S1id=22308610192&S2id=22364980500&ord=1648481094697&r=655614722382&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=top&zMoatPT=article&zMoatSL=mpu-plus-top%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 142ms
44ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5070475830&L2id=2986437098&L3id=5929908675&L4id=138382842584&S1id=22308610192&S2id=22364980500&ord=1648481094697&r=655614722382&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=top&zMoatPT=article&zMoatSL=mpu-plus-top%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7618 0
0 78ms
78ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmsq1CAq33QGOIWfXoQy7aUibHlRpx_LUTJu--7sE3cafVoQjSTilkAApEt7Oj_uQ7s-l9rfgVqHy_uXrwV8v92rCREe_x4jrlLVo_3EeT4U9SdmG3HTDFq0rZ6dxJjHzWW4h31JOqLavLp5BhpMqbGEHJX5MK6UrqTjmImpedcoFI003uT8Jo4DsZMmsBacw-JTzmzg5sO-YSAC3hzEYj1ki59nrq5XfMlycK_zWBAM2xhElJrfWAzWnnq5n6lDuVoPs32RhKu7fZJaiP1brWtotETjD7LRL4uIzOWcMnWTWAdCiWBMmhIFIkuRdjRm0xLuKMlaeHXoVhEmAY9M6cF20&sai=AMfl-YRJK_JgOL1jE4s0-dvLz-mQtkiMfxW7Xs0ugmb0Dub_NdA-qC-znx7d2LYVaDg30leCcykeX8ZhFwmu7MaLtndFMvMbIZVC2lckigd4uIm1SCKSvTYD81E_R9idje0&sig=Cg0ArKJSzDKufOrgfMCtEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 45ms
45ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1648481094674&de=900138232224&m=0&ar=b4c2745aeba-clean&iw=5a3884c&q=11&cb=0&ym=0&cu=1648481094674&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983451&zMoatW=300&zMoatH=250&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-bottom%3FLL%7CT-1000&zMoatMMV=80%2C70%2C60%2C50%2C40%2C30%2C20%2C10&zMoatMMV_MAX=80&zMoatMGV=70%2C60%2C50%2C40%2C30%2C20%2C10&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1100%3A1100%3A2286%3A1045&iq=80&tt=70&tu=1&tp=unsafe&jk=-1&jm=-1&fs=197895&na=1979493556&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 5B98 1 KB
1 KB 245ms
46ms Script
text/javascript 213.254.244.25
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=273&ttfrms=22&brid=3&brver=99.0.4844.84&bridua=3&bds=1&tstype=2&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5DK5%3F6E%5D4%40%3ETau2CE%3A4%3D6TauE9%3AD%5C%3F6H%5CC2%3FD%40%3EH2C6%5C92D%5C366%3F%5CDA%40EE65%5C%3A%3F%5CEH%40%5CG6CJ%5C5%3A776C6%3FE%5C2EE24%3CD%5CD2J%5CC6D62C496CDTauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DK5%3F6E%5D4%40%3ETar9EEADTbpTauTauHHH%5DK5%3F6E%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=14&ddur=163&uid=1648481094840406&jsCallback=dvCallback_1648481094840141&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.84%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=2439&tgjsver=2439&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&fwc=0&fcl=985&flt=31&fec=1564&fcifrms=8&brh=2&sdf=2&dvp_epl=291&noc=4&ctx=21716515&cmp=27248518&sid=6804423&plc=330464835&btreg=138384207765&adsrv=1&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=38586260.784569055&dvp_tukv=5069405617.950767&dvp_uuid=5787464.311192936&dvp_tuid=280757962784
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements2439.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.25 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: 9cef34dd8ac6a5a30659882b8beb7e21a0f686042e323557b1e7822deb27777a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Mar 2022 15:24:55 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 03/27/2022 15:24:55

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ Frame 9141 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9141 107 B
122 B 50ms
50ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9141 0
20 B 125ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=857007513451230&lenfreqs=586%3A1&vrg=2022031601&nw_id=22309610186&nslots=1&eid=31065713%2C31065749%2C31065802%2C31065550%2C31065655&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9141 30 KB
12 KB 102ms
102ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=857007513451230&correlator=1272163834422357&eid=31065713%2C31065749%2C31065802%2C31065550%2C31065655&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fif&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=1&adks=1319207525&sfv=1-0-38&ecs=20220328&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjst6yYTL9Y4wNEpsYEpikT4DMBe-kJDByH7kfFj03z5pp8CeOacBw9RcMdvJEal_d4LDoLFUrCL2oYql1QcVzU7hqBTLTTVOSGRGeIhKLHA_ardhcKouw_sYMvpSkjuZYsaOqoo_12tKBViHklQewnTtwGt75rvuNzNTYKVYM4E18WCs_Dz5uBoftLRRZIjwCSGNefFo-lcITB_L2bf2OAjb6Se_RJ1Y92HxKT8oXiFOo3WT1EV-mhh_rScg8DQZfInF1YrE6nF2ErRpXxIFger8Ek0DVYbvfxNyGN4QbO3xue9HKaIWF_2MH3PF-LfjqaguyyPEqrs%26sai%3DAMfl-YQ7sp0hb8Lj-GK1bGPfvuSK6FciSu7mj4blTdiPFvBpAoKdSYs6GH7RlaJiJ9M7HbhhFXQxQA6E6HAdEGdXOKADwYwc8rBk53Bhzqs21rB1kCaYcaY9CbpAQcUJnYsI%26sig%3DCg0ArKJSzEJRI-aWH0p7EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&fsapi=false&prev_scp=campaign%3D5677026463&sc=1&cookie=ID%3De1cef7e9e0109a61-226ee15b67cd003a%3AT%3D1648481094%3AS%3DALNI_MZSkUq6_ppJxjkqMaPSQYtfOerJwQ&cdm=www.zdnet.com&abxe=1&dt=1648481094887&lmt=1648481094&dlt=1648481094451&idt=426&biw=1600&bih=1200&isw=300&ish=250&adxs=1050&adys=2022&ucis=vzl0zzjj9e81&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=434430007.1648481095&ga_sid=1648481095&ga_hid=138551275&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

8d2889e24da98adaeee205eba16b04f4220cf0a24ca458af39cebb8977cfd8ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12745
x-xss-protection: 0
google-lineitem-id: 5677026463
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138355023537
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 32CA 6 KB
3 KB 79ms
50ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 28 Mar 2022 15:24:54 GMT
expires: Tue, 28 Mar 2023 15:24:54 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/events/1/ 24 B
501 B 166ms
166ms XHR
image/gif 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1215.1253ab8&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=3033&ck=1&ref=https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
content-type: text/plain

Response headers

Date: Mon, 28 Mar 2022 15:24:55 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6f31601b3f4a54bd-MAN
Content-Length: 24

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 42ms
41ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=218&fi=1&apd=220&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5070475830&L2id=2986437098&L3id=5929908675&L4id=138382842584&S1id=22308610192&S2id=22364980500&ord=1648481094697&r=655614722382&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=top&zMoatPT=article&zMoatSL=mpu-plus-top%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 47ms
47ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&m=0&ar=b4c2745aeba-clean&iw=5a3884c&q=15&cb=0&ym=0&cu=1648481094697&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1100%3A1100%3A2286%3A1045&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=197895&na=1766665299&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:54 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:54 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6040 0
0 113ms
95ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031601&jk=997831255783694&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 njEQSFvQmVZPXGz1GqDnvx6UYUmy29w-ZdzcuuIp78M.js Show response
pagead2.googlesyndication.com/bg/ Frame 713C 35 KB
13 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/njEQSFvQmVZPXGz1GqDnvx6UYUmy29w-ZdzcuuIp78M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e3110485bd099564f5c6cf51aa0e7bf1e946149b2dbdc3e65dcdcbae229efc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 14:22:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13638
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 14:22:23 GMT

POST
H/1.1 204
No Content /
02179912.akstat.io/ 0
354 B 304ms
218ms Ping
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://02179912.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 28 Mar 2022 15:24:55 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 60ms
60ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F4612481032926559835&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=0&g=0&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&cu=1648481094697&m=15&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3848&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=0&ag=3&an=0&gf=3&gg=0&ix=3&ic=3&ez=1&aj=1&pg=100&pf=0&ib=1&cc=0&bw=3&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5&cd=0&ah=5&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=3&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=1139799786&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 ad.html Show response
clipcentric-a.akamaihd.net/user-9/resources/ Frame 0059 93 B
290 B 41ms
41ms Document
text/html 2.16.107.105
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://clipcentric-a.akamaihd.net/user-9/resources/ad.html
Requested by: Host: clipcentric-a.akamaihd.net
URL: https://clipcentric-a.akamaihd.net/ad/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/ad.js?q=1629759099
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.107.105 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-105.deploy.static.akamaitechnologies.com
Software: Apache/2.2.34 /
Resource Hash: e571945dec453fbc4c8177ad3af3f176dc562cf51fe40a10529b69e0b2b1e577

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

expires: Wed, 20 Apr 2022 19:25:49 GMT
last-modified: Tue, 04 May 2021 03:22:49 GMT
etag: "5d-5c17897b4d440"
cache-control: max-age=2592000
server: Apache/2.2.34
content-type: text/html; charset=UTF-8
accept-ranges: bytes
content-encoding: gzip
content-length: 86
date: Mon, 28 Mar 2022 15:24:55 GMT
vary: Accept-Encoding

GET
H2 200 store.phtml Show response
ad.clipcentric.com/user-9/resources/ Frame 882D 3 KB
3 KB 146ms
47ms Document
text/html 143.204.98.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.clipcentric.com/user-9/resources/store.phtml?v200530
Requested by: Host: clipcentric-a.akamaihd.net
URL: https://clipcentric-a.akamaihd.net/ad/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/ad.js?q=1629759099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-110.fra50.r.cloudfront.net
Software: Apache/2.2.34 /
Resource Hash: 81bcd7a6372e5ca7f7d12382fe1787bd4635eede42b3a79da6937c6d2354ed8b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

content-type: text/html; charset=UTF-8
content-length: 2965
date: Mon, 26 Jul 2021 00:31:36 GMT
server: Apache/2.2.34
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: n0iZbnpcnLWhCO1VdzW0hDHnfN_DcbgKD2__gYJTQkj2kEtw9sZ5Rw==
age: 21221599

GET
DATA 200
OK truncated
/ Frame 09E2 750 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9cac3eeba1fc86e06fdc013a4c52742e9b4bd14b7be6517321127d4515095ce

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 E=in,im,fi
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=64/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
160 B 155ms
44ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=64/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=in,im,fi

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H2 200 jzzbn5Yz
clipcentric-a.akamaihd.net/file/1247385/ad_q75/1629912718/ Frame 7618 12 KB
12 KB 142ms
141ms Image
image/avif 2.16.107.105
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clipcentric-a.akamaihd.net/file/1247385/ad_q75/1629912718/jzzbn5Yz?f=auto

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.107.105 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-107-105.deploy.static.akamaitechnologies.com

Software

Apache/2.2.34 /

Resource Hash

e245a4382cf4ab471b9b8d24917843175bd4327a4eb15a3574d7d52c91c8193f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Wed, 25 Aug 2021 17:32:19 GMT
server: Apache/2.2.34
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: private, max-age=31536000
content-length: 12172

GET
H2 200 kzH4toB3
clipcentric-a.akamaihd.net/file/1246090/ad_q75/1629760675/ Frame 7618 12 KB
12 KB 317ms
316ms Image
image/avif 2.16.107.105
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://clipcentric-a.akamaihd.net/file/1246090/ad_q75/1629760675/kzH4toB3?f=auto

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.107.105 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-107-105.deploy.static.akamaitechnologies.com

Software

Apache/2.2.34 /

Resource Hash

1072bb617a787627b5569dddf56fb15f2c28b3be18e04ff7a8014158b199532b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Mon, 23 Aug 2021 23:23:52 GMT
server: Apache/2.2.34
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: private, max-age=31536000
content-length: 12585

GET
H2 200 E=ls:Clipcentric%20Site%20Fixes.0,li
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=68/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 155ms
44ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=68/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=ls:Clipcentric%20Site%20Fixes.0,li

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H2 200 E=ls:Super%20Billboard.0
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=79/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 155ms
45ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=79/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=ls:Super%20Billboard.0

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H2 200 E=ls:hotspots%20collapsed.0
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=98/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 155ms
45ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=98/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=ls:hotspots%20collapsed.0

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H2 200 E=ls:on%20scroll%20full%20collapse.0
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=99/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 190ms
80ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=99/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=ls:on%20scroll%20full%20collapse.0

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H2 200 E=ls:custom%20ad%20controls.0
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=99/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 190ms
80ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FBCA 0
0 77ms
77ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv66bV_nCIA_0YuhFYsR3czkC5qPieQQeWUFJhiO8rmSrB0J9GCT0w8nDDY8A06EdZqfWan6gKignqCba-28Dg0dDIYqGAOloXfMiZBlcf33VY5eaAoEnnLardxq_5-bOKiQyHjXnNAQ8bI5YiePzH9B1RaiiJnNo6vXu0NsNnQaFoBGYHDCTA6FEHRO7PeBXpTsYdAgUB1C1J8AWokvzCtz-8EtVY72vFCAYmAimttQbX6tBl4By5c_NWzWOhSN_iaEkXYx8zybu9x2ZComAMGyUwbHOx740dS253skbCK675jc4Qb5g&sig=Cg0ArKJSzGEtiisKDP3VEAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/J3NaA4LXsi

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame FBCA 2 KB
1 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:22:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Apr 2022 15:22:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FBCA 119 KB
36 KB 104ms
50ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FBCA 0
0 109ms
53ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_NbmOSbRGGno_8NrFNN2gHNbUtFcvGYx8Yin08tmWdWE1EV0BpVZaKPTwYS-Wj7Au-EME1wZkYlAq-I7gjgiPsZaWuQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame FBCA 337 KB
113 KB 52ms
51ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1cb675a340facabb5ce9b7d58a7dd324d8b893ba0dd5f6528b947d4cc6c1f03d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 19:44:00 GMT
server: AmazonS3
x-amz-request-id: AZJNGWZ2Q8P5MZ51
etag: "e318040ca3fedf1870c2114cb0c09a08"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=54882
accept-ranges: bytes
content-length: 114662
x-amz-id-2: tj4sBSgqoNRYHtxKJJcLWmoWVwUjdbjoo1cVkebLFD2RR3XJiR4KLlW7bz4pSh/fwl16fCUxymI=

GET
H3 200 16181266791146063110
tpc.googlesyndication.com/simgad/ Frame FBCA 17 KB
17 KB 52ms
52ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16181266791146063110

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:28:26 GMT
x-content-type-options: nosniff
age: 420989
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17729
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:34:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Mar 2023 18:28:26 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 43ms
42ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=26&fi=1&apd=52&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5041399663&L2id=2992948681&L3id=5944704717&L4id=138384207765&S1id=22308610192&S2id=22364980500&ord=1648481094612&r=873930616549&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad-plus-leader%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 43ms
43ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=26&fi=1&apd=52&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5041399663&L2id=2992948681&L3id=5944704717&L4id=138384207765&S1id=22308610192&S2id=22364980500&ord=1648481094612&r=873930616549&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad-plus-leader%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 44ms
43ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=26&fi=1&apd=52&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5041399663&L2id=2992948681&L3id=5944704717&L4id=138384207765&S1id=22308610192&S2id=22364980500&ord=1648481094612&r=873930616549&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad-plus-leader%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 51ms
50ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fwww.zdnet.com%2F%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=0&g=0&h=105&w=1600&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094612&de=873930616549&cu=1648481094612&m=575&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=24&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=0&ag=26&an=0&gf=26&gg=0&ix=26&ic=26&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=26&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=52&cd=0&ah=52&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5041399663%3A2992948681%3A5944704717%3A138384207765&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=5&zMoatH=5&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=clipcentric&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=3&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=1695630766&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 44ms
43ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=51&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5688542871&L4id=138349983451&S1id=22308610192&S2id=22364980500&ord=1648481094674&r=900138232224&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=bottom&zMoatPT=article&zMoatSL=mpu-bottom%3FLL%7CT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 44ms
44ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=51&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5688542871&L4id=138349983451&S1id=22308610192&S2id=22364980500&ord=1648481094674&r=900138232224&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=bottom&zMoatPT=article&zMoatSL=mpu-bottom%3FLL%7CT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 E=fq
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=0/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/Q=f.1_c.1_p.1_l.1_v.1_f... Frame 882D 35 B
159 B 41ms
41ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=0/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/Q=f.1_c.1_p.1_l.1_v.1_fc.1_fp.1_fl.1_cp.1_cl.1_pl.1_pv.1_lv.1/G=17fd1214e4de1cdec130355/E=fq

Requested by

Host: ad.clipcentric.com
URL: https://ad.clipcentric.com/user-9/resources/store.phtml?v200530

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ad.clipcentric.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FBCA 0
0 79ms
79ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu1UnTUNzBaE1K3aRQi54tFRCGeImG63NzmShBaMBIjrJ7Y51JTTXU6aXrY2XCYzbpM3NO2u2FtmB0ktd4YBrbjpArj0VG4rU7fQ1B92UPccWlKEyQxj8elpWYnXBsoJ3iToXq7oYmdcDhVfPysxXkWqrCA925eZtGu5ce0J7EKvnvfBACSAmtHhi-VNtRfUO_DGZ2iFaNfeT2wwv_dIZawrgFbtYXqB5Bw30H9HWSb_sfUtzvYBy5rl9fWlkzGtWpu31pp57gv7RBdLu5Zah1jlO4swOiKMng6_UihL7hRq8Ckf7PZAa35&sig=Cg0ArKJSzGRx-hBX47F0EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
DATA 200
OK truncated
/ Frame FBCA 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48dae2f8e466ea5e984611f72553130b93a38e95fed95ed85f8033ced33f40cf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 47ms
47ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16181266791146063110&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=0&g=0&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094674&de=900138232224&cu=1648481094674&m=555&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=93&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=51&cd=0&ah=51&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5688542871%3A138349983451&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=250&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-bottom%3FLL%7CT-1000&zMoatMMV=80%2C70%2C60%2C50%2C40%2C30%2C20%2C10&zMoatMMV_MAX=80&zMoatMGV=70%2C60%2C50%2C40%2C30%2C20%2C10&zMoatMSafety=unsafe&zMoatMData=1&zMoatSlotId=mpu-bottom&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-bottom&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jk=2&jm=-1&tz=mpu-bottom&iq=80&tt=70&tu=1&tp=unsafe&tc=0&fs=197895&na=1692818603&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9141 0
0 80ms
79ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKmzV6ZVswocwHVK2FGZ-sIbbf6qmYoIy8DRmohv8zKO9p9GRgb1HpnPqaIsmmDGPEFrScue_ns1ZkilEf7p99vVdDvN6IRsYmMuGNydoGBCVhj33Qj_-mCpq4I3V6m4effLreejjJh4vhoUWS8m8M2bqYgcEHNFaii1R1xrRaz2wVVjIAd9DvGgShgjmXipvMphVmGFZ6AegkmifN5jfLeS-m25WrIpj1LBfWsSQ9LjfZYizY918xvdhxHF9GlkalFsObnuOW5-CwBPdpi8-767YI_eZThiKymwsT0GNtwMPDHr0ollxpop7LgkbFv1cjQbYj0xZiUizS1w&sai=AMfl-YT6Joxnv4paz69t6N7z8mzdTq0pSBJ9r2kD5pIHlWyxjfIWAREy2YiLEUTCfOcvuOjWUx7eE_iDAR9EKANrYlrU8NSjn8aDQ18S-jRYLzpmpackAmueEiPmnThk-uUQ&sig=Cg0ArKJSzGPLQMFTuAEhEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9141 13 KB
10 KB 107ms
56ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

190db91def09c89ca49c6511b571659f97164be1513d1bf907ca92e88f1e3807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Mar 2022 15:24:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10376
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 50ms
49ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1648481095270&de=193651980604&m=0&ar=b4c2745aeba-clean&iw=5a3884c&q=19&cb=0&ym=0&cu=1648481095270&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1100%3A1100%3A2286%3A1045&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=197895&na=1719055902&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 713C 0
9 B 41ms
41ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3UvbAw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 41ms
41ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=175&fi=1&apd=201&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5041399663&L2id=2992948681&L3id=5944704717&L4id=138384207765&S1id=22308610192&S2id=22364980500&ord=1648481094612&r=873930616549&t=hdn&os=1&fi2=0&div1=0&ait=75&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad-plus-leader%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 45ms
45ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=201&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5688542871&L4id=138349983451&S1id=22308610192&S2id=22364980500&ord=1648481094674&r=900138232224&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=bottom&zMoatPT=article&zMoatSL=mpu-bottom%3FLL%7CT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 E=ls:on%20scroll%20full%20collapse.1
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=399/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 42ms
41ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=399/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=ls:on%20scroll%20full%20collapse.1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9141 17 KB
6 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
DATA 200
OK truncated
/ Frame 09E2 801 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b526196d510bc11f40effba13f1b9e1792120b1f40b453695e8d7dcc05cf38d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D61C 13 KB
5 KB 53ms
52ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Mar 2022 15:22:47 GMT
expires: Tue, 28 Mar 2023 15:22:47 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 128
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BB96 783 B
536 B 66ms
66ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5dfab183236181190e4418340cdd11445df5e0a86211160be0ee6c4f6734f608

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-E6/AMg3pORPlK2rJXZRf2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 28 Mar 2022 15:24:55 GMT
date: Mon, 28 Mar 2022 15:24:55 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-E6/AMg3pORPlK2rJXZRf2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 njEQSFvQmVZPXGz1GqDnvx6UYUmy29w-ZdzcuuIp78M.js Show response
pagead2.googlesyndication.com/bg/ Frame D61C 35 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/njEQSFvQmVZPXGz1GqDnvx6UYUmy29w-ZdzcuuIp78M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e3110485bd099564f5c6cf51aa0e7bf1e946149b2dbdc3e65dcdcbae229efc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 14:22:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3752
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13638
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 14:22:23 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BB96 0
0 95ms
95ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031601&jk=857007513451230&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D61C 0
9 B 41ms
40ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8W9Z9A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 56E0 42 B
64 B 85ms
85ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-TRaZCSI3B3fugsAf1vvuX2kMnX_fYnfv7DwTAR_jinxZevWvfmMbyl-dY3Zxa6homnZ72NXhAB4hd7UnHOESUpiLOqFoGxBeYvtv76Y-U3IaPjiT&sig=Cg0ArKJSzE5JusDbf4K_EAE&id=lidar2&mcvt=1000&p=478,1050,1078,1350&mtos=812,1000,1000,1000,1000&tos=812,188,0,0,0&v=20220323&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=192557409&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648481094361&rpt=332&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7618 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxMO5SYSSSDdkkX8CQ0SKxpyc2o2ggKR2ykakF7kMEu0A3y2EyOZoS8ZgIb9f9wBFp5bQSUY2yxk_S0Z6uxm8jAV7ryYVwvDWJufP6CpYmn3lXiSYy&sig=Cg0ArKJSzPO7I_nR0b6cEAE&id=lidar2&mcvt=1000&p=64,800,169,2400&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220323&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=2152545444&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648481094336&rpt=448&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 47ms
46ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=1&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&cu=1648481094697&m=1100&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=79&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1093&an=3&gi=1&gf=1093&gg=3&ix=1093&ic=1093&ez=1&ck=1093&kw=894&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1093&bx=3&ci=1093&jz=894&dj=1&aa=0&ad=983&cn=0&gk=747&gl=0&ik=747&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=894&cd=5&ah=894&am=5&xd=00&rf=0&re=1&ft=518&fv=0&fw=518&wb=1&cl=0&at=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=2024075221&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 42ms
42ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=894&tet=1093&fi=1&apd=1095&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5070475830&L2id=2986437098&L3id=5929908675&L4id=138382842584&S1id=22308610192&S2id=22364980500&ord=1648481094697&r=655614722382&t=iv&os=1&fi2=0&div1=1&ait=518&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=top&zMoatPT=article&zMoatSL=mpu-plus-top%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 44ms
44ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=2&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&cu=1648481094697&m=1102&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=79&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1093&an=1093&gi=1&gf=1093&gg=1093&ix=1093&ic=1093&ez=1&ck=1093&kw=894&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1093&bx=1093&ci=1093&jz=894&dj=1&aa=0&ad=983&cn=983&gk=747&gl=747&ik=747&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=894&cd=894&ah=894&am=894&xd=00&rf=0&re=1&ft=518&fv=518&fw=518&wb=1&cl=0&at=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=1510199657&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031601&jk=997831255783694&bg=!tbaltvLNAAbzJazn0yU7ACkAdvg8Wv0f9UXVS6hmiTNP38NLY7sJ6RmmM6AmQK60kMgosYDxM9Kv-wIAAADWUgAAAAJoAQeZAvBu0Omz_TwEMd-TApUk2rx6ScmdPk0FbVoOZQuNjhhGH8V7iJj3_8hxMj8MvyYNUU1t9PlVdxXA_pydJRKrkyf8n-6QWaoynfaY94-HTJYqx0RSsP9ZtXcRmJpQFRqZMqbX3n78rkk592YejWh46v7gqXbsvLLZ7projGnskMfTHHtt-wqoXTkf0Eso5ymFSoqkPhWcQpRSpTS-0ZMs7kbESO4iVT2OK_e9JZmOhbl8VHZZp-2ZOJak3nthQRfaivHJXXN5z7Wd8H7jkTG_-OUmvPmPQxbJy5iEmtCEQAnET0z1qORxV6AwYXWTlpBiYZghlzDBFYdnZ9fc13uFmD2M_Ej7lRbdsJ-aa7gaUg_e4Y7pkkOjd9G6m9EZb4I7Iqk42y_ekvfBE5BvhXjlW0laZMevNR06r-h1AfPAq-65B1F9gPBPilq1wVXOs40NALxF8QkTz68Owe7y-RQ6AdYnCsMv7K21H4UMyE6No57ExfbwS7A4JDLHSYtSYUJnV0LpKuPmAowKtXjRkTkBkSO0vr3TUYwEXyyfGlOqNi9q4YCTCbkqH6lD8yKmP315gBDZv59LRRWoefpcSs2PQnqbICzNRExBjpVHfDw7PQuvpKYyCDlYHR9U4k12gicPevqPfEgjXcW5MUitlRQdcD0GDqrKyO3EQgx2uQZzaIWb8sUj8RIw_YL-HaXu2tGuWdOAXT7x6BYpg10bkeJijzvyO_zs5-QA8rBYj7BUhQvnF_jE4RrKYoGbqhvlTwIkQ4ttIVZsUN3mxYJc-wXQbOwkLdFdt6hODh9TMUm53YxaNdSAZQTaBxO1-69FzkH16Tlx1YzlNB0TZuPPTHPXP2LZYLOiSKgHh48Iw0hWAUXEkQkJ-YHdIxEEZHk7y_tyDOYnPa_H4fCphmk9MAdFGPRSspL9Brb8s1JePWhALsVdq9fAtehlCw2DyGl9i2v2dqjPhfrNtf5_z-5VT-d9fhx7XuxnvQyL342BMM2FMmlAEQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 45ms
45ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=3&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&cu=1648481094697&m=1103&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=79&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1093&an=1093&gi=1&gf=1093&gg=1093&ix=1093&ic=1093&ez=1&ck=1093&kw=894&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1093&bx=1093&ci=1093&jz=894&dj=1&aa=0&ad=983&cn=983&gk=747&gl=747&ik=747&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=894&cd=894&ah=894&am=894&xd=00&rf=0&re=1&ft=518&fv=518&fw=518&wb=1&cl=0&at=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=330652329&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:55 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:55 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 45ms
45ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=4&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&cu=1648481094697&m=1305&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=79&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1299&an=1093&gi=1&gf=1299&gg=1093&ix=1299&ic=1299&ez=1&ck=1093&kw=894&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1299&bx=1093&ci=1093&jz=894&dj=1&aa=1&ad=1189&cn=983&gk=953&gl=747&ik=953&co=1189&cp=1095&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1095&cd=894&ah=1095&am=894&xd=00&rf=0&re=1&ft=724&fv=518&fw=518&wb=1&cl=0&at=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=414823726&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:56 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:56 GMT

GET
H2 200 E=wi
tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=1023/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/ Frame 7618 35 B
159 B 44ms
44ms Image
image/gif 18.196.229.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.clipcentric.com/s/B=608/F=1246037/C=389582/P=22/L=21/V=23/S=p-RtJGcy/Z=1/I=114.131366.1648481094992/U=www.zdnet.com/T=1023/M=i/D=d/PO=zdnet.com/LO=5944704717/VO=138384207765/E=wi

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.229.80 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-229-80.eu-central-1.compute.amazonaws.com

Software

Apache/2.2.34 /

Resource Hash

6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 15:24:56 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
x-frame-options: SAMEORIGIN
content-type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9141 0
20 B 80ms
80ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031601&jk=857007513451230&bg=!yMuly4_NAAbzJazn0yU7ACkAdvg8WiQzJnVE6nf7lh1u7g_g2PPNmUw7cvtsnxrYPQOwXnFeEg0sLQIAAABqUgAAAAJoAQeZAwhepcMUg24h4FSq9UhBgFHuMCEQ9GMD5QInEu4-mguiFY1ejpYuuZd4t_bzKcnYWoZeWi_C47KnYPvoUJDokT7EgQgZVvEZDb342JKXGdH3CeVvjZRqRQvA3yzlVJQpIL455e4ZdZIE2x3xtuaGoeZ0G-shnoZrI0zZRnJWTX5vtIdEUeQkqxl7Q0nKr8qj1rLh8X3Zw7XAwUX7BMOqviD3rnjeaV5IVwQqmr2kPASUj79-HVlDHGDg-cS1R9agfzKCpPIorxbl11Jpk_pCPdGg552gNlioiuQUx20fshjggdaO1peiT2eXTUvanp0KrJVqisD2TZ-UczqJWMW7nsEcG3pc9fG8W0ynlanJrzJY79PcBhcqQpsCRXEX3NBGpISfwI1qqpDpr-PnITaT1_czO9XbsMgid6Msm2CWIsJyqjZtrWBQanuQ0La5T9NZzh2nRio-2Q7WF68ZS9caM2UzCMXmDh6aruU78cIFCD9PaQWerUTVspnb-BuvJqjj_2a8_afsTqNuEGbqgUGkbj4i_pq9iaEv3w79y_T1t6C2oaNoq9Q2H6vHR4EsO1pL9IAk0G8Myy4eagfvvMR4mwZB2HQDdJzfBDrda4Gc44D_cp0yG4n2dJ3zOmD446WY4jC1kEzz1xiyKkhZ9Cz6SNpink5x8DEJ-LgHuMPsCXKiiPkhxuC4QetwnxUDt3So2N-g9P8-E2GtnU0v5WlZyDTi74n5LIdqcm86gqG9TPJxmzo03w1AEy9NdKZjBfEJCuBqRPYmssaSX7U7UU8xS23CLj-wWsfRykqG2XG3a6BUQAXiCBPQj9S7TNYgwEZ5Yg05hixp5QXQNGvktNuA9PQ883FBYD564XQXD3kLTxPA80DfRNf9DlwYcHBEeBT5fCHAGACavDPjAil8Jz0hmTo52Fpt6wG8kL_Mt9l5uPpyPxFNvm9nmnrz2j6xN1ubJrwLW9sWhdIq0-6pgLWnllzi-ScLvQfQAClOidQuEL7kuDD7rp1Zifcx1eHcPF9spMFcjs2yKwwLkw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 56ms
56ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=1&h=105&w=1600&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094612&de=873930616549&cu=1648481094612&m=1731&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=24&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1185&an=26&gi=1&gf=1185&gg=26&ix=1185&ic=1185&ez=1&ck=1185&kw=1010&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1185&bx=26&ci=1185&jz=1010&dj=1&aa=1&ad=1085&cn=0&gn=1&gk=1085&gl=0&ik=1085&co=1085&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=52&ah=1010&am=52&xd=00&rf=0&re=1&ft=1085&fv=0&fw=1085&wb=1&cl=0&at=0&d=5041399663%3A2992948681%3A5944704717%3A138384207765&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=5&zMoatH=5&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=clipcentric&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=732806383&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:56 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:56 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 47ms
47ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1010&tet=1185&fi=1&apd=1211&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5041399663&L2id=2992948681&L3id=5944704717&L4id=138384207765&S1id=22308610192&S2id=22364980500&ord=1648481094612&r=873930616549&t=iv&os=1&fi2=0&div1=1&ait=1085&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad-plus-leader%3FT-1000&moatClientSlicer3=0&m_ltype=direct&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:56 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:56 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 46ms
45ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=2&h=105&w=1600&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094612&de=873930616549&cu=1648481094612&m=1734&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=24&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1185&an=1185&gi=1&gf=1185&gg=1185&ix=1185&ic=1185&ez=1&ck=1185&kw=1010&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1185&bx=1185&ci=1185&jz=1010&dj=1&aa=1&ad=1085&cn=1085&gn=1&gk=1085&gl=1085&ik=1085&co=1085&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=1010&ah=1010&am=1010&xd=00&rf=0&re=1&ft=1085&fv=1085&fw=1085&wb=1&cl=0&at=0&d=5041399663%3A2992948681%3A5944704717%3A138384207765&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=5&zMoatH=5&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=clipcentric&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=1405820861&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:56 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:56 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 44ms
44ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=3&h=105&w=1600&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094612&de=873930616549&cu=1648481094612&m=1735&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=24&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=1185&an=1185&gi=1&gf=1185&gg=1185&ix=1185&ic=1185&ez=1&ck=1185&kw=1010&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1185&bx=1185&ci=1185&jz=1010&dj=1&aa=1&ad=1085&cn=1085&gn=1&gk=1085&gl=1085&ik=1085&co=1085&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=1010&ah=1010&am=1010&xd=00&rf=0&re=1&ft=1085&fv=1085&fw=1085&wb=1&cl=0&at=0&d=5041399663%3A2992948681%3A5944704717%3A138384207765&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=5&zMoatH=5&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=clipcentric&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=1073747877&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:56 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:56 GMT

POST
H/1.1 204
No Content event.png
tpsc-frc.doubleverify.com/ Frame 5B98 0
244 B 130ms
42ms Ping
text/plain 213.254.244.25
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-frc.doubleverify.com/event.png?impid=9d49da6a9efb41bfa03a01e2432d6286&gdpr=&gdpr_consent=&dvp_atali=1&vdur=246&eoid=8&msrjs=2439&nav_pltfrm=Linux%20x86_64&sdf=2&vit=2&isvelg=1&tltms=163&tetms=9&msltms=192&vltms=246&sei=289&vetms=119&engms=1&engisel=1&ttfurm=2385&cbust=1648481097206609
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements2439.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.25 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.zdnet.com
Pragma: no-cache
Date: Mon, 28 Mar 2022 15:24:43 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Vary: Origin
Expires: 03/27/2022 15:24:57

POST
H/1.1 204
No Content event.png
tpsc-frc.doubleverify.com/ Frame 5B98 0
244 B 43ms
42ms Ping
text/plain 213.254.244.25
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tpsc-frc.doubleverify.com/event.png?impid=9d49da6a9efb41bfa03a01e2432d6286&gdpr=&gdpr_consent=&msrcanlm=968&msrcannum=4&eoid=10&ismms=1029&isumms=1028&isvelg=1&nvr=6&isgmmims=1029&isgmv4mims=1029&elmtp=1&isbxdms=2429&b11=1501&adhgt=105&adwdth=1600&engisel=1&vsos=9&dvp_vsosnmr=16&dvp_mvpw=device-width&dvp_mvpiss=0&lftb=1501&sftb=1501&msrdp=2&naral=64&vct=1&vphgt=1200&vpwdth=1600&chgt=105&cwdth=1600&invcs=false&scrhgt=1200&scrwdth=1600&strp=100&advisonl=true&isiabvms=1929&isuiabvms=1929&isgmpims=1028&isgmv4dpims=1929&ispmxpms=1929&engalms=1028&engscrlms=1029&dvp_hdnAd=0&dvp_pageEng=true&dvp_dpr=1&cbust=1648481098207593
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements2439.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.25 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.zdnet.com
Pragma: no-cache
Date: Mon, 28 Mar 2022 15:24:00 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Vary: Origin
Expires: 03/27/2022 15:24:58

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 46ms
46ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x600&zMoatPS=top&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=5&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094697&de=655614722382&cu=1648481094697&m=5122&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=79&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=5116&an=1299&gi=1&gf=5116&gg=1299&ix=5116&ic=5116&ez=1&ck=1093&kw=894&aj=1&pg=100&pf=100&ib=1&cc=1&bw=5116&bx=1299&ci=1093&jz=894&dj=1&aa=1&ad=5006&cn=1189&gn=1&gk=4770&gl=953&ik=4770&co=1189&cp=1095&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4918&cd=1095&ah=4918&am=1095&xd=00&rf=0&re=1&ft=4541&fv=724&fw=518&wb=2&cl=0&at=0&d=5070475830%3A2986437098%3A5929908675%3A138382842584&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=300&zMoatH=600&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=mpu-plus-top%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=1287797199&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:24:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:24:59 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 53ms
53ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&sgs=3&bo=22308610192&bp=22364980500&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-gPu8rBsiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-ulZ3bHpQgmTbHQ%3D%3D&sc=1&os=1-iA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=4&h=105&w=1600&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&id=1&ii=4&f=0&j=https%3A%2F%2Ft.co&t=1648481094612&de=873930616549&cu=1648481094612&m=5552&ar=b4c2745aeba-clean&iw=5a3884c&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3853&le=1&lf=0&lg=1&lh=24&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1100%3A1100%3A2286%3A1045&as=1&ag=5006&an=1185&gi=1&gf=5006&gg=1185&ix=5006&ic=5006&ez=1&ck=1185&kw=1010&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5006&bx=1185&ci=1185&jz=1010&dj=1&aa=1&ad=4906&cn=1085&gn=1&gk=4906&gl=1085&ik=4906&co=1085&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4831&cd=1010&ah=4831&am=1010&xd=00&rf=0&re=1&ft=4906&fv=1085&fw=1085&wb=2&cl=0&at=0&d=5041399663%3A2992948681%3A5944704717%3A138384207765&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980500&dfp=0%2C1&la=22364980500&zMoatW=5&zMoatH=5&zMoatVGUID=126499e8-0f95-45b8-9335-0c8e6ebb264a&zMoatSN=c&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=clipcentric&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=197895&na=48284543&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 15:25:00 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Mar 2022 15:25:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.zdnet.com
URL: https://www.zdnet.com/service-worker.js

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers	1970-01-20 01:55:26	Name: pv Value: 1
www.zdnet.com/article/this-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers	1969-12-31 23:59:59	Name: zdnet_ad Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22aw%22%2C%22subses%22%3A%225%22%2C%22session%22%3A%22c%22%7D
.t.co/	1970-01-20 11:24:55	Name: muc Value: 075f09d9-8f4d-40d7-8aa6-a46ea77ee602
.zd.net/	1970-01-20 06:13:53	Name: _bit Value: m2sfoQ-a1c7c3b5445062f0aa-00M
.zdnet.com/	1970-01-20 02:04:45	Name: fly_geo Value: {"countryCode": "gb"}
.zdnet.com/	1970-01-20 02:04:45	Name: fly_device Value: desktop
.zdnet.com/	1969-12-31 23:59:59	Name: fly_preferred_edition Value: uk
.zdnet.com/	1969-12-31 23:59:59	Name: fly_default_edition Value: uk
www.zdnet.com/	1970-01-20 10:40:17	Name: _mfuuid_ Value: de72b3a7-56f9-41fe-a739-01a0bcb0be05
.zdnet.com/	1970-01-20 10:40:17	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Mar+28+2022+15%3A24%3A53+GMT%2B0000+(GMT)&version=6.20.0&hosts=&consentId=0f579262-69df-451e-9231-04a0a6866aad&interactionCount=0&landingPath=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-ransomware-has-been-spotted-in-two-very-different-attacks-say-researchers%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.zdnet.com/	1970-01-20 02:37:53	Name: arrowImp Value: true
.zdnet.com/	1970-01-20 02:37:53	Name: arrowImpCnt Value: 1
.zdnet.com/	1970-01-20 02:37:53	Name: ugc Value: 1648481093
.www.zdnet.com/	1970-01-20 19:25:53	Name: chsn_cnsnt Value: www.zdnet.com%3AC0001
www.zdnet.com/	1969-12-31 23:59:59	Name: viewGuid Value: 126499e8-0f95-45b8-9335-0c8e6ebb264a
.zdnet.com/	1970-01-20 02:04:45	Name: RT Value: "z=1&dm=zdnet.com&si=8a46d098-821b-4765-8bed-74a4729f2fae&ss=l1av2v4u&sl=1&tt=1ri&bcn=%2F%2F02179912.akstat.io%2F&ld=1v9"
.zdnet.com/	1969-12-31 23:59:59	Name: fly_session Value: d6d02c263aa38e5a593a57749103cfa8
.doubleclick.net/	1970-01-20 11:16:17	Name: IDE Value: AHWqTUk6ybtfdqxfguHUWDHYIksNlmc6yKydI24R-RdZdt9awD-qIoV1JreAO7otsys
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 81dc91f62a627a2e
.zdnet.com/	1970-01-20 11:16:17	Name: __gads Value: ID=e1cef7e9e0109a61:T=1648481094:S=ALNI_MYs3VstfjLZ3Gq8PTc1dg3j0KwMHw

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179912.akstat.io
12633a2e5143fcf674fc9c647880e75b.safeframe.googlesyndication.com
8beb4ede8720e0f2cd48cc2eb824a45e.safeframe.googlesyndication.com
a.myfidevs.io
ad.clipcentric.com
ad.doubleclick.net
adservice.google.co.uk
adservice.google.com
at.adtech.redventures.io
bam-cell.nr-data.net
c.go-mpulse.net
cdn.ampproject.org
cdn.cohesionapps.com
cdn.cookielaw.org
cdn.doubleverify.com
clipcentric-a.akamaihd.net
confiant-integrations.global.ssl.fastly.net
fonts.googleapis.com
fonts.gstatic.com
geo.moatads.com
geolocation.onetrust.com
js-agent.newrelic.com
mb.moatads.com
pagead2.googlesyndication.com
protected-by.clarium.io
px.moatads.com
redventuresgamdisplay60805146916.s.moatpixel.com
securepubads.g.doubleclick.net
static.myfinance.com
t.co
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-frc.doubleverify.com
tr.clipcentric.com
urs.zdnet.com
www.google.com
www.googletagservices.com
www.myfinance.com
www.zdnet.com
z.moatads.com
zd.net
www.zdnet.com
104.244.42.197
108.157.4.76
142.250.181.226
142.250.186.38
143.204.98.110
151.101.129.194
151.101.2.137
151.101.66.154
162.247.243.146
18.170.11.184
18.196.229.80
18.196.6.202
184.30.25.161
2.16.107.105
2.18.235.40
213.254.244.25
2606:4700:10::6814:b844
2606:4700::6810:9440
2a00:1450:4001:800::2002
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:830::200a
2a02:26f0:6c00:1b8::11a6
2a02:26f0:6c00:2b9::11a6
2a02:26f0:7100:29b::4469
2a04:4e42:4c::666
2a06:98c1:3120::7
3.11.184.36
34.120.203.121
52.5.114.199
67.199.248.12
0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b6ea1010408810a2b9664df1d8f99b4aaaa56874e855d68c32c06c5cf1e229d
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0ea76404cf0e0a0b77894169bd63bd5be869c621c33eabcb68be0fb1361ee418
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe
1072bb617a787627b5569dddf56fb15f2c28b3be18e04ff7a8014158b199532b
13675f970d6dfb0e12a632a85dc3c63ab511d64165770d11c1c09c5868cd0649
190db91def09c89ca49c6511b571659f97164be1513d1bf907ca92e88f1e3807
1a703d617fb31d56238372d5bf78e9861b3a09b7447a0184bd5f1c178461ed12
1cb675a340facabb5ce9b7d58a7dd324d8b893ba0dd5f6528b947d4cc6c1f03d
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
26bda963c698a5d5245af86ff50682a1f18c41966ad5d7a6e89910672798595b
27c4c3f3cef45e73dba278fa644b66b5f3350f4d72d3c0fd384ee19bff01b271
28020915b2e554ce93ee3bf8088afb400ef0765058902448cddcbd8de8222681
2886024326f8c892924608e6c122a0cc1f5aac234944c962d5a1e474622e81ea
295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0
2aa4cf14efe5be8dcc68990342cfc1ba315f39a741d95a6dcda94acbe47a1c23
2b526196d510bc11f40effba13f1b9e1792120b1f40b453695e8d7dcc05cf38d
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d32c068ed379f96e7046e15397311213fea28896a5a8bc47bd2bd7799b762bc
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
2ec64e196d4c59eb37ca6184a80c69bb989a12c64cca1243aa4ad83630cfb471
2f2668f538fd2169ea4cd0341da6b502f9bb741adc42cdbeb546b41b1fafda60
30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3c591927cc6254cd17a33c78e3293b8456851a88c736b300647f7d263dd31740
3f210c7931a7bdc2b9f19435668d32d6bb23c84dc661238452b1f33c2c0b2ec5
3f6a19367e4fd8c09d3522f012f582ae8033ed9ae08eb6c85aac164b61bb5acb
46121707e9fb86efdb7b5ff4f20339e3331d05990c08d82d6541f98ff080ac06
4793e27f34b18ece33fa9103882465a964b98a854cdd769d3ac888a8a28a23a5
487bba16b1bba94c09965327cac0c9f60e652fc452284f32a6203cfb730d85f4
48dae2f8e466ea5e984611f72553130b93a38e95fed95ed85f8033ced33f40cf
494ab9a85a1d57b47e5cb9cf12b3e44e10dadc56d16e3a9d9218b24f8886b475
4f3dc9d29a35afae0ff09c2203694bb51c6da1e68f07a2ce2496cefc6553265b
4faeb02bc31cc4e8f184d6d77695ef67ccdf56181db8793dea79d198dec725ea
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
597a7092a8496359ef540218f25e3db91b9eb7c2edd6ad8f4b69c74b755b8951
5dfab183236181190e4418340cdd11445df5e0a86211160be0ee6c4f6734f608
5e6d2c7d03eb2bd52ab14195a6c9c4286ee3ce57f1c0ab8522918ff7e2c344a1
5f4c791492ebdba5b3510d1f4cc6294e09840872775a31e3a57f4fd1715b2e46
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f086756aed4f0a2be98ae39319d1e18bda3b6399068ec7873102566e2eb55b
623adb3da1c01c0bbfaf6f6c63e098944ac1c965dda0a61318cb0c4d280de346
6314af3967adcf3af142ad7958d131fbaaa39c6cee3e3466898be062ce8cb11b
65bb54091a85215c0ca4103c58e059906b147fd0489904387f3f9eef4a2f795a
66b46adfc69de4aef0618116a5b97e49bc6fdcefb054bef307f268bb0dd64a5c
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
694ea356ba8923d3c1570a97fd86caac39ef79023f69aca288bbc3999707dbc5
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0
6b946915daeb986a43552cca1d2bfa4ce799e22dacfc44b2253e37ab82303ece
6c04f544bb533555bdddb084e81afe80c345226bc2a6e61052a593091e4481e7
6c078b3079c5be6998624a45b53b0342271216cd2cd0685afa5a9868c08494c7
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019
6d9e7c00f40966f016ea55910bab9271e656e4f79a98b22f5e475159bdd882a2
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
77534605d7f4bf6131511e44b4da078721199a58ed38e00b2d26cb97fc9e4a7f
79eb8af49a0f2eea9291e3381bcc330730b4ce45f892dd618d63000e9425c190
7f1639eeb6e3eb3e2de52c35e650ac2fe53ea34ee8e8cac73807facad51e9b7f
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8062685d744e0b56d816edd3d4b5b9b527927710a163273806b1ccc60393cb92
81bcd7a6372e5ca7f7d12382fe1787bd4635eede42b3a79da6937c6d2354ed8b
82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd
8305d86074fdee76ef38a7e264f3ac0bfab4051d8f13625b4bbd5396120b1fe1
8d2889e24da98adaeee205eba16b04f4220cf0a24ca458af39cebb8977cfd8ef
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
97551120a31b768832ec633d33187a4273e9f4073386de563b0df8ec285a052c
9b611edb408ed2ab7b99df623098bd1cddfdb9d04cf594bee045fdb49136f42b
9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71
9cef34dd8ac6a5a30659882b8beb7e21a0f686042e323557b1e7822deb27777a
9e3110485bd099564f5c6cf51aa0e7bf1e946149b2dbdc3e65dcdcbae229efc3
a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a89fefe62a3aefdaae686026c0fe9b8f65206929032b1b905b9ddf6fac51c7c5
aa70edeae6db2c44448cfc73bc7302e0fbdacc370de3d8f566ca526beaad8a43
ab22fb06853c9f40bd176af7285ac49a03e20a8aeb7b796421eb2aebcfddb51d
ae9d517b524b7ab6eee037b323de049b49944e62d9cf213b69169c68e0f3d0e5
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
b4d57615054d0cf76fad7d4880b4cba6ee4aa99d2b5616af3bd0a902691af24f
b56fe77fe3493ccfdbb90bfd4299c4d461eb2c337652648582dd52b80082369b
b62555c40c12680c45be7727080b96c293ec2aa3f4e74bad1b3b3c19571d5d54
b87e1e984e53a35730068f747f4dff21e19b8ef2ca6f8da54c75b6c783198a35
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4
c28220799abe0a10a15769fa2400b402a0152726b6b9fde5fa7e9e21ba46715a
c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2
c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083
c9312b952c8d65184399d18bc89a6f451948c7f7f91a0eadb6cde2f412c682f6
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e245a4382cf4ab471b9b8d24917843175bd4327a4eb15a3574d7d52c91c8193f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e571945dec453fbc4c8177ad3af3f176dc562cf51fe40a10529b69e0b2b1e577
e9cac3eeba1fc86e06fdc013a4c52742e9b4bd14b7be6517321127d4515095ce
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
f58a1e195a2dc8dd315222fd5696360dc47624eb43f39fab902fc13415ea3704
f808f80e0a6828022228c0fcd89ff0a7338bc5f6a7ce891327f7e51bc3d46d06
f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097
ffbf4845fc3471d840d191a67d913432e9ca858429061b44994b7897bea01268

www.zdnet.com Open in urlscan Pro 2a04:4e42:4c::666 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

192 Requests

98 %HTTPS

47 %IPv6

28 Domains

41 Subdomains

38 IPs

3 Countries

2750 kBTransfer

8638 kBSize

20 Cookies

15 Outgoing links

Page URL History

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

98 %
HTTPS

47 %
IPv6

28
Domains

41
Subdomains

38
IPs

3
Countries

2750 kB
Transfer

8638 kB
Size

20
Cookies

192 HTTP transactions
10 data transactions