www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Submission: On March 10 via manual (March 10th 2020, 1:25:10 pm UTC) from HU

Summary HTTP 241 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 50 IPs in 8 countries across 37 domains to perform 241 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	104.20.59.209 104.20.59.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.26.12.6 104.26.12.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY)
3	2606:4700:303... 2606:4700:3034::6812:3213	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
5	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2606:4700:20:... 2606:4700:20::681a:8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	212.71.236.117 212.71.236.117	63949 (LINODE-AP...) (LINODE-AP Linode)
2	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:214f:3600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:214... 2600:9000:214f:1c00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.194.70 13.224.194.70	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:815::2002	15169 (GOOGLE) (GOOGLE)
7	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:214f:7600:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	143.204.202.95 143.204.202.95	16509 (AMAZON-02) (AMAZON-02)
6	99.86.0.120 99.86.0.120	16509 (AMAZON-02) (AMAZON-02)
3	151.101.113.194 151.101.113.194	54113 (FASTLY) (FASTLY)
1	99.86.3.24 99.86.3.24	16509 (AMAZON-02) (AMAZON-02)
2	13.225.87.85 13.225.87.85	16509 (AMAZON-02) (AMAZON-02)
4	35.226.134.247 35.226.134.247	15169 (GOOGLE) (GOOGLE)
4	2a02:fa8:8806... 2a02:fa8:8806:12::1430	25751 (VALUECLICK) (VALUECLICK)
6	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
26 68	152.199.22.24 152.199.22.24	15133 (EDGECAST) (EDGECAST)
1	52.7.20.116 52.7.20.116	14618 (AMAZON-AES) (AMAZON-AES)
6	2a00:1450:400... 2a00:1450:4001:81a::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE)
6	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
2	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
6	52.29.78.64 52.29.78.64	16509 (AMAZON-02) (AMAZON-02)
3	3.122.6.57 3.122.6.57	16509 (AMAZON-02) (AMAZON-02)
2 8	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
6	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
2	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::200d	15169 (GOOGLE) (GOOGLE)
1	35.190.40.172 35.190.40.172	15169 (GOOGLE) (GOOGLE)
3 3	54.77.173.141 54.77.173.141	16509 (AMAZON-02) (AMAZON-02)
2 2	147.75.102.200 147.75.102.200	54825 (PACKET) (PACKET)
2 2	52.19.221.77 52.19.221.77	16509 (AMAZON-02) (AMAZON-02)
3 6	52.29.139.188 52.29.139.188	16509 (AMAZON-02) (AMAZON-02)
3	95.100.196.237 95.100.196.237	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.142 69.173.144.142	26667 (RUBICONPR...) (RUBICONPROJECT)
1	216.58.206.6 216.58.206.6	15169 (GOOGLE) (GOOGLE)
241	50

42 104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.26.12.6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3034::6812:3213 (United States)

ASN13335 (CLOUDFLARENET, US)

id-ransomware.malwarehunterteam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.71.236.117 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-212-71-236-117.london.nodebalancer.linode.com

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:3600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:214f:1c00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.70 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-70.fra2.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.22.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:7600:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.202.95 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-95.fra53.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.86.0.120 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-0-120.fra6.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.113.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.24 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-24.fra6.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.87.85 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-85.fra2.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.226.134.247 (United States)

ASN15169 (GOOGLE, US)
PTR: 247.134.226.35.bc.googleusercontent.com

prebid.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:fa8:8806:12::1430 (Sweden)

ASN25751 (VALUECLICK, US)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.172.250 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

68 152.199.22.24 (United States) 26 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.20.116 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-20-116.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.29.78.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.122.6.57 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.95.120.147 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

freestar-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.59.101 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.67.47 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.40.172 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 172.40.190.35.bc.googleusercontent.com

api.skimlinks.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.77.173.141 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-173-141.eu-west-1.compute.amazonaws.com

x.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.102.200 (Central, Hong Kong) 2 redirects

ASN54825 (PACKET, US)

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.221.77 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-221-77.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.29.139.188 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-139-188.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.100.196.237 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-196-237.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.142 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.6 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	advertising.com 26 redirects adserver-us.adtech.advertising.com	23 KB
42	bleepingcomputer.com www.bleepingcomputer.com	169 KB
15	pub.network a.pub.network d.pub.network prebid.pub.network c.pub.network	230 KB
13	skimresources.com 4 redirects s.skimresources.com r.skimresources.com t.skimresources.com p.skimresources.com x.skimresources.com	20 KB
9	3lift.com tlx.3lift.com Failed eb2.3lift.com	2 KB
9	adnxs.com ib.adnxs.com acdn.adnxs.com	6 KB
9	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net	106 KB
8	openx.net freestar-d.openx.net Failed eu-u.openx.net u.openx.net	2 KB
7	ampproject.org cdn.ampproject.org	165 KB
7	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org vendorlist.consensu.org api.quantcast.mgr.consensu.org audit.quantcast.mgr.consensu.org api.skimlinks.mgr.consensu.org	142 KB
7	google.com 1 redirects apis.google.com adservice.google.com www.google.com accounts.google.com	101 KB
6	googlesyndication.com tpc.googlesyndication.com	16 KB
6	districtm.io dmx.districtm.io Failed cdn.districtm.io	654 B
6	sharethrough.com btlr.sharethrough.com Failed	714 B
6	amazon-adsystem.com c.amazon-adsystem.com	30 KB
4	dotomi.com web.hb.ad.cpe.dotomi.com	3 KB
4	bleepstatic.com www.bleepstatic.com	8 KB
3	fastly.net confiant-integrations.global.ssl.fastly.net	70 KB
3	googletagservices.com www.googletagservices.com	69 KB
3	malwarehunterteam.com id-ransomware.malwarehunterteam.com	5 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	exelator.com 2 redirects loadeu.exelator.com	2 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	rubiconproject.com fastlane.rubiconproject.com Failed eus.rubiconproject.com	2 KB
2	casalemedia.com as-sec.casalemedia.com Failed	2 KB
2	ad-delivery.net ad-delivery.net	1 KB
2	facebook.com www.facebook.com
2	facebook.net connect.facebook.net	112 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	imgur.com i.imgur.com	635 KB
1	cdnjquery.com cluster-na.cdnjquery.com
1	google.de adservice.google.de	171 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	26 KB
1	analysis.fi ecdn.analysis.fi	2 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
0	slack.com Failed files.slack.com Failed
241	37

	Domain	Requested by
68	adserver-us.adtech.advertising.com	26 redirects www.bleepingcomputer.com a.pub.network
42	www.bleepingcomputer.com	www.bleepingcomputer.com
7	cdn.ampproject.org	confiant-integrations.global.ssl.fastly.net securepubads.g.doubleclick.net
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.bleepingcomputer.com
6	eb2.3lift.com	3 redirects a.pub.network
6	c.pub.network	a.pub.network
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.bleepingcomputer.com confiant-integrations.global.ssl.fastly.net
6	btlr.sharethrough.com	a.pub.network
6	ib.adnxs.com	a.pub.network
6	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
4	eu-u.openx.net	2 redirects a.pub.network
4	p.skimresources.com	www.bleepingcomputer.com
4	web.hb.ad.cpe.dotomi.com	a.pub.network
4	prebid.pub.network	a.pub.network
4	apis.google.com	www.bleepingcomputer.com apis.google.com
4	www.bleepstatic.com	www.bleepingcomputer.com
3	acdn.adnxs.com	a.pub.network
3	cdn.districtm.io	a.pub.network
3	x.skimresources.com	3 redirects
3	r.skimresources.com	1 redirects www.bleepingcomputer.com
3	dmx.districtm.io	a.pub.network
3	tlx.3lift.com	a.pub.network
3	freestar-d.openx.net	a.pub.network
3	confiant-integrations.global.ssl.fastly.net	a.pub.network confiant-integrations.global.ssl.fastly.net
3	www.googletagservices.com	a.pub.network www.bleepingcomputer.com securepubads.g.doubleclick.net
3	d.pub.network	a.pub.network
3	id-ransomware.malwarehunterteam.com	www.bleepingcomputer.com
2	sync.crwdcntrl.net	2 redirects
2	loadeu.exelator.com	2 redirects
2	t.skimresources.com	www.bleepingcomputer.com s.skimresources.com
2	fonts.gstatic.com	www.bleepingcomputer.com
2	fonts.googleapis.com	confiant-integrations.global.ssl.fastly.net
2	as-sec.casalemedia.com	a.pub.network
2	ad-delivery.net	freestar-io.videoplayerhub.com www.bleepingcomputer.com
2	www.facebook.com	connect.facebook.net
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	connect.facebook.net	www.bleepingcomputer.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	a.pub.network	www.bleepingcomputer.com a.pub.network
2	i.imgur.com	www.bleepingcomputer.com
1	ad.doubleclick.net	www.bleepingcomputer.com
1	u.openx.net	a.pub.network
1	eus.rubiconproject.com	a.pub.network
1	api.skimlinks.mgr.consensu.org	s.skimresources.com
1	accounts.google.com	apis.google.com
1	googleads.g.doubleclick.net	www.bleepingcomputer.com
1	www.google.com	1 redirects
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	fastlane.rubiconproject.com	a.pub.network
1	audit.quantcast.mgr.consensu.org	static.quantcast.mgr.consensu.org
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	vendorlist.consensu.org	quantcast.mgr.consensu.org
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	s.skimresources.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
0	files.slack.com Failed	www.bleepingcomputer.com
241	60

This site contains links to these domains. Also see Links.

Domain
twitter.com
id-ransomware.malwarehunterteam.com
www.patreon.com
id-ransomware.blogspot.com
decryptors.blogspot.com
anti-ransomware.blogspot.com
www.invisionpower.com

Subject Issuer	Validity	Valid
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
*.apis.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2018-09-13` - `2020-10-07`	2 years	crt.sh
*.analysis.fi Sectigo RSA Domain Validation Secure Server CA	`2019-06-13` - `2020-06-12`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
*.videoplayerhub.com Amazon	`2019-07-18` - `2020-08-18`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-12-18` - `2020-12-18`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 High Assurance Server CA	`2018-05-22` - `2020-05-26`	2 years	crt.sh
*.assetbucket.net Amazon	`2019-09-11` - `2020-10-11`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2020-02-25` - `2020-10-09`	7 months	crt.sh
accounts.google.com GTS CA 1O1	`2020-02-25` - `2020-05-19`	3 months	crt.sh
api.skimlinks.mgr.consensu.org DigiCert SHA2 Secure Server CA	`2019-10-04` - `2021-10-07`	2 years	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-02-13` - `2021-02-17`	2 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Frame ID: EDDF3F82F44765152F7075977193F69C
Requests: 203 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v30/cmp-3pc-check.html
Frame ID: BCAAF56187C1BDFE63550E48CCF29F22
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js
Frame ID: 8C3896F88914C1FA2C522F5A06570812
Requests: 17 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuNbrPVd3WKjnIi8grL2T_9weFMYMm-KS-byKCa095Sce-LfAntsOQCDX2-1exsAhoMME8MYupSyyJp6QWwFPqKyuDlvr_A8rAgRW-DMTsDCqgwQif6y8DiL2bJcwPY9Ax5mnm4-jhsn-MLT4AECXKw7ficsZyFlxY264W24vdDXFR2g_FiZK3YH_HbYPRaVVbrehLrKn2yInsqeBVGg3z0NzBBmy_BI1X7bjLC59T9H0A2axr5W8SMnvPoN04GoeXh-XKzcEuTr2ltqayw_MpnsDLlAKUN9JoCLgPcSQFyJblZ&sai=AMfl-YQ41CQi31IrqJBV39sHIlcRbWLlSUOGUfjkUTB0ryJz-taD8BgbLRunGNaS-c-t3YlBuohGsyNB5ajS96h03x-2JILXGXsnO1s53lg4IA&sig=Cg0ArKJSzOMC2Qrt9N3bEAE&urlfix=1&adurl=
Frame ID: C853B5BC6063DCFDC3B3E4F6D610824F
Requests: 2 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.28679135359889085
Frame ID: F6D5B9217332EA149F6A660F9B6A616D
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=942111685863795&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df1c4d258d492818%26domain%3Dwww.bleepingcomputer.com%26origin%3Dhttps%253A%252F%252Fwww.bleepingcomputer.com%252Ffa34a4d20083ac%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=150
Frame ID: 299FFAA3F4BBEA9A326C7FC3B0F2C700
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
Frame ID: 6BBF6C253AC4072CF01C029615F42681
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
Frame ID: 4772376F3780DD3EA5393E4869B44208
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: E1F21AD4C748CFA4A42DE367EDA79566
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 76D82B6566D64EDF35028A94BB45A4DC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 9DFC8C0F5FE41387F78B406655543070
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: F49435560C8A60C0594DDB1C9514D049
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: A2E82C36A33F47FBDBAF48E8FFF7CE31
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: ED1113A6844D53BFC93471D19A5E8E23
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 32266788906CC8105C9C0134AF7563BB
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 9D5063A1B172E4D475F1F01474C6BFF2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 7838CAF6BBE414CB0D49E250B2B3475A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 4ACE99005C0BEDAFAA970CBF2FCF639E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: CA7C302FB95E56A95A1C3C18D37E0EDF
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: B5FDEE6CFA4865B93A94CBA56FDD2A00
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: DD16E0ED43744C4C531D28959F9D1F11
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: C335D75D38B36AA1A00F92BF1996FA86
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

241
Requests

90 %
HTTPS

36 %
IPv6

37
Domains

60
Subdomains

50
IPs

8
Countries

2006 kB
Transfer

4964 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/malwareforme
Title: Jack

Search URL Search Domain Scan URL

URL: https://id-ransomware.malwarehunterteam.com/
Title: ID Ransomware

Search URL Search Domain Scan URL

URL: https://www.patreon.com/demonslay335
Title: here

Search URL Search Domain Scan URL

URL: https://id-ransomware.blogspot.com/2016/07/ransomware-list.html
Title: Digest "Crypto-Ransomwares"

Search URL Search Domain Scan URL

URL: https://decryptors.blogspot.com/
Title: File decryptors

Search URL Search Domain Scan URL

URL: https://anti-ransomware.blogspot.com/
Title: Anti-Ransomware

Search URL Search Domain Scan URL

URL: http://www.invisionpower.com/apps/board/
Title: Community Forum Software by IP.Board

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200

Request Chain 85

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200

Request Chain 86

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200

Request Chain 87

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200

Request Chain 88

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200

Request Chain 89

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200

Request Chain 90

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200

Request Chain 104

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200

Request Chain 105

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200

Request Chain 106

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200

Request Chain 107

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200

Request Chain 108

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200

Request Chain 109

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200

Request Chain 110

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200

Request Chain 143

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 159

https://r.skimresources.com/api/ HTTP 307
https://r.skimresources.com/api/?xguid=01E329WQGAW68VNQZ00NST3G53&persistence=1&checksum=c956a0a23296a29a0d67aa92b00e8ef601a7aa1a39195b730c49c1e273fd5a55

Request Chain 174

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595

Request Chain 175

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595

Request Chain 176

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595

Request Chain 185

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595

Request Chain 186

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595

Request Chain 187

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595

Request Chain 197

https://x.skimresources.com/?provider=exelate HTTP 302
https://loadeu.exelator.com/load/?p=787&g=001&j=0& HTTP 302
https://loadeu.exelator.com/load/?p=787&g=001&j=0&&xl8blockcheck=1 HTTP 302
https://x.skimresources.com/?provider=exelate&skim_mapping=true&provider_id=5e4ed6ba17fef970bde27e1ae611f06c HTTP 302
https://p.skimresources.com/?provider_id=5e4ed6ba17fef970bde27e1ae611f06c&skim_mapping=true

Request Chain 198

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=b6ee513c24dec35335c8fec5e8bdf5c9 HTTP 302
https://p.skimresources.com/?provider_id=b6ee513c24dec35335c8fec5e8bdf5c9&skim_mapping=true

Request Chain 206

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 209

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

Request Chain 210

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

Request Chain 211

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 212

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 225

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205

Request Chain 226

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205

Request Chain 227

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205

Request Chain 235

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205

Request Chain 236

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205

Request Chain 237

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205

241 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/ 155 KB
31 KB 753ms
713ms Document
text/html 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

089157c2840cc89f33cf3162012e2a765b2000bbafe32d974ccabcf490dcc078

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:33 GMT
content-type: text/html;charset=ISO-8859-1
set-cookie: __cfduid=dff98c29e14955e64cdb147dd2fb5ac651583846672; expires=Thu, 09-Apr-20 13:24:32 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; SameSite=Lax; Secure session_id=cb64ce764d200e0254f9682c5d7fc6ec; path=/; domain=.bleepingcomputer.com; httponly;Secure modpids=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.bleepingcomputer.com;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate, max-age=0
expires: Mon, 09 Mar 2020 13:24:33 GMT
pragma: no-cache
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 571d5b471a2c72b1-AMS
content-encoding: br

GET
H2 200 prettify.css
www.bleepingcomputer.com/forums/public/style_css/ 1 KB
573 B 24ms
24ms Stylesheet
text/css 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/prettify.css?ipbv=2c77595800f56bf9d8365767f85624ab

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfd753d445592a633d4e3b8f74fe6e4ca85ab95a1f0b2fc00f11afeaaeed8194

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 3216
cf-polished: origSize=2207
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"89f-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4bad7272b1-AMS
cf-bgj: minify

GET
H2 200 prototype.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 134 KB
33 KB 32ms
30ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prototype.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2a0ed3ea5aebdf80781e96b0e677656f9db72ea592b679299953852fef84b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 632
cf-polished: origSize=180829
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2c25d-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4bad7572b1-AMS
cf-bgj: minify

GET
H2 200 ipb.js Show response
www.bleepingcomputer.com/forums/public/js/ 81 KB
19 KB 29ms
27ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

914053e444ff358317ec2778690f8dfff7c41eeb985a6b3ee2906280bbc4b61a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 3216
cf-polished: origSize=128615
status: 200
last-modified: Thu, 02 Jan 2020 17:02:01 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1f667-59b2b26d979c8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4bad7672b1-AMS
cf-bgj: minify

GET
H2 200 scriptaculous-cache.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/ 55 KB
13 KB 30ms
29ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/scriptaculous-cache.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61e225f0d67c03cc5a2cdfa2f63e971048d0201711c3cda27c4d4ea0f9f65176

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 4390
cf-polished: origSize=79618
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"13702-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4bad7872b1-AMS
cf-bgj: minify

GET
H2 200 ipb.lang.js Show response
www.bleepingcomputer.com/forums/cache/lang_cache/1/ 28 KB
7 KB 28ms
27ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/cache/lang_cache/1/ipb.lang.js?nck=4b93cd7f1f76df9c2c1783aae5cc39b1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebbdc09f56e8b9cba9117f0d84b4903fdc89508496a9b5d5b8d6bf59ff13ebbf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 4390
cf-polished: origSize=30126
status: 200
last-modified: Fri, 25 Oct 2019 14:30:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"75ae-595bcfc4bde67-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4bad7972b1-AMS
cf-bgj: minify

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
2 KB 131ms
59ms Script
text/javascript 104.26.12.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 784102
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 571d5b4c2d3b363f-MAN
expires: Sun, 05 Apr 2020 11:36:10 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a18f13b0d5cc7a3e3fe3d37df2e30414273a139264e98576e89704d5eed0b42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28484
x-xss-protection: 0
last-modified: Tue, 10 Mar 2020 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 10 Mar 2020 13:24:33 GMT

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/ 545 B
733 B 40ms
32ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92597d72536ce2725db3f04c7ad34252f8d4037ae0a61cdec08f93a0c2db05f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 722007
cf-polished: origSize=575, status=vary_header_present
status: 200
content-length: 545
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "23f-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Wed, 01 Apr 2020 04:51:05 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5ddf72b1-AMS
cf-bgj: imgq:100

GET
H2 200 forum-logo.png
www.bleepstatic.com/logo/ 5 KB
5 KB 62ms
54ms Image
image/webp 104.26.12.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logo/forum-logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 311b90855c9f23f4f7531137aa339d941b81af0409120d0281a535f0d2920d49

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 63902
cf-polished: origFmt=png, origSize=9361
status: 200
content-disposition: inline; filename="forum-logo.webp"
cf-bgj: imgq:85
content-length: 4670
last-modified: Fri, 26 Nov 2010 18:53:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 571d5b4c5d83363f-MAN
expires: Wed, 08 Apr 2020 19:39:31 GMT

GET
H2 200 useropts_arrow.png
www.bleepingcomputer.com/forums/public/style_images/master/ 94 B
270 B 47ms
39ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/useropts_arrow.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

114af008615fbe18f9cc0dfd36ebafd202e12eda91137d48d8a2cab529274d9f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1580669
cf-polished: pngoptimizer, origSize=129, status=vary_header_present
status: 200
content-length: 94
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "81-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sun, 22 Mar 2020 06:20:04 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de172b1-AMS
cf-bgj: imgq:100

GET
H2 200 photo-thumb-726225.jpg
www.bleepingcomputer.com/forums/uploads/profile/ 3 KB
3 KB 39ms
31ms Image
image/jpeg 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-726225.jpg?_r=1415840014

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c492e255fdd7f2a487b843235d2018d92a3e041c2d2b84bb3194c1f458fbb82b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 529006
cf-polished: origSize=3431, status=vary_header_present
status: 200
content-length: 3052
last-modified: Thu, 13 Nov 2014 00:53:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "d67-507b2f117df80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
expires: Fri, 03 Apr 2020 10:27:46 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de272b1-AMS
cf-bgj: imgq:100

GET
H2 200 icon_share.png
www.bleepingcomputer.com/forums/public/style_images/master/ 169 B
346 B 42ms
34ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_share.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b5a35aa59af15012b03c44769087fb85282ed12e3c417030d78f95f61697b53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2087718
cf-polished: pngoptimizer, origSize=1201, status=vary_header_present
status: 200
content-length: 169
last-modified: Fri, 12 Oct 2012 09:31:38 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "4b1-4cbd95ac45280"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Mon, 16 Mar 2020 09:29:15 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de572b1-AMS
cf-bgj: imgq:100

GET
H2 200 oocA8ka.png
i.imgur.com/ 337 KB
338 KB 35ms
11ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/oocA8ka.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 7f5d0b00b62a793eb7bfca5810c7602990460c37cfedcb41b73d6877425fcbeb

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
age: 1689952
x-cache: HIT, HIT
status: 200
content-length: 345523
x-served-by: cache-bwi5131-BWI, cache-fra19178-FRA
last-modified: Thu, 23 Jun 2016 17:09:27 GMT
server: cat factory 1.0
x-timer: S1583846673.346061,VS0,VE4
etag: "009608f07019d70940fbd3ae09c5794d"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-storage-class: STANDARD_IA
x-cache-hits: 1, 1

GET
H2 200 logo-25.png
id-ransomware.malwarehunterteam.com/assets/images/ 1 KB
2 KB 114ms
22ms Image
image/png 2606:4700:3034::6812:3213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id-ransomware.malwarehunterteam.com/assets/images/logo-25.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6812:3213 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d11e31e4a1d2b7528c066ca3c849a95e53a53538440a5d72c18bf9f9ee84ce9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 08 Apr 2016 23:33:13 GMT
server: cloudflare
age: 11604
etag: W/"57083fb9-55c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/png
status: 200
cache-control: max-age=259200
cf-ray: 571d5b4cde521752-FRA
vary: Accept-Encoding
expires: Tue, 10 Mar 2020 10:11:09 GMT

GET
H2 200 ransomnotecleaner-25.png
id-ransomware.malwarehunterteam.com/assets/images/ 2 KB
2 KB 114ms
22ms Image
image/png 2606:4700:3034::6812:3213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id-ransomware.malwarehunterteam.com/assets/images/ransomnotecleaner-25.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6812:3213 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40af293c9cbabf1f038c524c4270a81353bba3a28854475d9002ce14a2f9abc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 12 May 2016 22:51:24 GMT
server: cloudflare
age: 309430
etag: W/"573508ec-728"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/png
status: 200
cache-control: max-age=259200
cf-ray: 571d5b4cde551752-FRA
vary: Accept-Encoding
expires: Fri, 06 Mar 2020 23:27:23 GMT

GET
H2 200 cryptosearch-25.png
id-ransomware.malwarehunterteam.com/assets/images/ 1 KB
1 KB 124ms
32ms Image
image/png 2606:4700:3034::6812:3213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id-ransomware.malwarehunterteam.com/assets/images/cryptosearch-25.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6812:3213 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c7b602cdbc698beb37421e105d80875a420901cb423183e52af8d1a92f4df85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sun, 15 Jan 2017 01:23:43 GMT
server: cloudflare
age: 25964
etag: W/"587acf1f-4d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/png
status: 200
cache-control: max-age=259200
cf-ray: 571d5b4cde571752-FRA
vary: Accept-Encoding
expires: Tue, 10 Mar 2020 06:11:49 GMT

GET
H2 200 post_top.png
www.bleepstatic.com/skin_images/bc/ 369 B
519 B 70ms
62ms Image
image/png 104.26.12.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/skin_images/bc/post_top.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f05e5537bc91bd6026cd2ee7a4ce48d5141ba791f68f1ce1264283c8af6c3aeb

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1312
cf-polished: origSize=3076, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 369
last-modified: Wed, 09 Jun 2010 03:08:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 571d5b4c5d84363f-MAN
expires: Sat, 10 Aug 2019 16:10:16 GMT

GET
H2 200 bot.jpg
www.bleepstatic.com/images/site/forum/bots/ 880 B
1 KB 63ms
56ms Image
image/webp 104.26.12.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/forum/bots/bot.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 967e2ca4f6acdd30fe8199d905a42f91e578494c5ae014f79d8cae4423219edc

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 65775
cf-polished: qual=85, origFmt=jpeg, origSize=1566
status: 200
content-disposition: inline; filename="bot.webp"
cf-bgj: imgq:85
content-length: 880
last-modified: Tue, 20 Oct 2009 04:08:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 571d5b4c5d85363f-MAN
expires: Wed, 08 Apr 2020 19:08:17 GMT

GET
H2 200 photo-thumb-998576.png
www.bleepingcomputer.com/forums/uploads/profile/ 21 KB
21 KB 40ms
33ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-998576.png?_r=1464681208

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8e0160637dd3bafc200fd7e36eec35ce15e00f7b353a09103c2cb5eced1accd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 533782
cf-polished: origSize=21119, status=vary_header_present
status: 200
content-length: 21118
last-modified: Tue, 31 May 2016 07:53:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "527f-5341eab1cae00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 03 Apr 2020 09:08:11 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de672b1-AMS
cf-bgj: imgq:100

GET
H2 200 GIPMQEC.png
i.imgur.com/ 297 KB
297 KB 128ms
105ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/GIPMQEC.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: fa49c5c1e0e248fa3aa6c1ab18ac61115ec6dc336c20dbfb01167af57f48730c

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
age: 2432
x-cache: HIT, MISS
status: 200
content-length: 303997
x-served-by: cache-bwi5140-BWI, cache-fra19178-FRA
last-modified: Fri, 24 Jun 2016 16:45:11 GMT
server: cat factory 1.0
x-timer: S1583846673.346049,VS0,VE97
etag: "2d58055d6c11f1c73ab661f284998a59"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-storage-class: STANDARD_IA
x-cache-hits: 1, 0

GET pasted_image_at_2016_06_24_11_16_am_360.png
files.slack.com/files-tmb/T184KGAEA-F1L3TRFD0-09e64cc8e8/ 0
0

GET
H2 200 default_large.png
www.bleepingcomputer.com/forums/public/style_images/master/profile/ 2 KB
3 KB 41ms
34ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/profile/default_large.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48100a7efdd07d27ede8e151c39cad2a2b55853d038c25fc2a846316ea0184ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 458696
cf-polished: pngoptimizer, origSize=2589, status=vary_header_present
status: 200
content-length: 2503
last-modified: Wed, 09 Mar 2011 20:59:50 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "a1d-49e13027a9d80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sat, 04 Apr 2020 05:59:37 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de772b1-AMS
cf-bgj: imgq:100

GET
H2 200 thumbup2.gif
www.bleepingcomputer.com/forums/public/style_emoticons/default/ 486 B
644 B 42ms
35ms Image
image/gif 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/thumbup2.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50ec0dfe51bd77eee427ce38cc90ef3564afea1a2e1148dc788c2d89b7fa4fb9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 322456
cf-polished: status=not_needed
status: 200
content-length: 486
last-modified: Sun, 07 May 2006 20:38:57 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1e6-41338be33ba40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/gif
expires: Sun, 05 Apr 2020 19:50:17 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de872b1-AMS
cf-bgj: imgq:100

GET
H2 200 smile.png
www.bleepingcomputer.com/forums/public/style_emoticons/default/ 850 B
1 KB 58ms
51ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/smile.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18d824646c1147f2687333fa22e37718e5c666d078eb27ffffa017f59415cac5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2046624
cf-polished: origSize=1042, status=vary_header_present
status: 200
content-length: 850
last-modified: Wed, 18 May 2011 11:51:58 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "412-4a38b840bf380"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Mon, 16 Mar 2020 20:54:09 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5de972b1-AMS
cf-bgj: imgq:100

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 545 B
688 B 55ms
47ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92597d72536ce2725db3f04c7ad34252f8d4037ae0a61cdec08f93a0c2db05f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2009871
cf-polished: origSize=575, status=vary_header_present
status: 200
content-length: 545
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "23f-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 17 Mar 2020 07:06:42 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5dea72b1-AMS
cf-bgj: imgq:100

GET
H2 200 plusone.js Show response
apis.google.com/js/ 48 KB
18 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

91772941c245b12f8fcb8447413a0d7ceb9864bf67147894775ea9062c59f82a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: script-src 'report-sample' 'nonce-kZ8E/YgTldD/7+6J5/4+Mw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
status: 200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "7208491ced726c2d16c8da79ffd8e90e"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
expires: Tue, 10 Mar 2020 13:24:33 GMT

GET
H2 200 digg.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 357 B
540 B 46ms
39ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/digg.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

669641985eb1bb7b0e71762f8e734ae2d1832b6976a97f099218d714da1f214e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1406446
cf-polished: pngoptimizer, origSize=431, status=vary_header_present
status: 200
content-length: 357
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1af-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 24 Mar 2020 06:43:47 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5dec72b1-AMS
cf-bgj: imgq:100

GET
H2 200 delicious.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 245 B
411 B 44ms
37ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/delicious.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bc2ee096d68f1de3dfd74d23e4a3d1550001d5a459a537e276b5bdf6f011893

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1406446
cf-polished: origSize=308, status=vary_header_present
status: 200
content-length: 245
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "134-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 24 Mar 2020 06:43:47 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c5dee72b1-AMS
cf-bgj: imgq:100

GET
H2 200 reddit.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 542 B
718 B 56ms
49ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/reddit.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

424b5f41dcbc693d32ca73f0e2b1daa5cf5524bc2220865c15b81f032bf3052d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 984616
cf-polished: pngoptimizer, origSize=614, status=vary_header_present
status: 200
content-length: 542
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "266-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sun, 29 Mar 2020 03:54:17 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6df472b1-AMS
cf-bgj: imgq:100

GET
H2 200 stumble.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 418 B
571 B 55ms
48ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/stumble.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a915aab28857afeac49311ceff852888da1623eb0f589d7f43fbfbfbceb562e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1580668
cf-polished: pngoptimizer, origSize=519, status=vary_header_present
status: 200
content-length: 418
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "207-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sun, 22 Mar 2020 06:20:05 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6df572b1-AMS
cf-bgj: imgq:100

GET
H2 200 email.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 419 B
716 B 46ms
39ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/email.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee469e3d281e77f7dcc2655ff8d187907f2240c76a03bf868e7dcfd67f08d880

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2023445
cf-polished: origSize=530, status=vary_header_present
status: 200
content-length: 419
last-modified: Thu, 04 Feb 2010 11:47:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "212-47ec4e74b3c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 17 Mar 2020 03:20:28 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6df672b1-AMS
cf-bgj: imgq:100

GET
H2 200 print.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 272 B
437 B 46ms
40ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/print.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0533d6585c026d1f72a040b902b67d76994eafa3593049d16ee319e9ec9be8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2029709
cf-polished: origSize=409, status=vary_header_present
status: 200
content-length: 272
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "199-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 17 Mar 2020 01:36:03 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6df772b1-AMS
cf-bgj: imgq:100

GET
H2 200 download.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 633 B
799 B 59ms
52ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/download.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

563777fc54d07e48cbea78dd97911bdd12a62d1888d12fe4dfeaaa9b3563d676

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1405595
cf-polished: origSize=646, status=vary_header_present
status: 200
content-length: 633
last-modified: Fri, 12 Feb 2010 14:33:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "286-47f6828485d00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 24 Mar 2020 06:57:58 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6df872b1-AMS
cf-bgj: imgq:100

GET
H2 200 prettify.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 14 KB
6 KB 27ms
27ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/prettify.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b937537ed7f13e70dc6a69b6e9b308237cd369e11fa2a2b97a24d97d8487673e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 1247
cf-polished: origSize=14551
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"38d7-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c0db672b1-AMS
cf-bgj: minify

GET
H2 200 lang-sql.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 2 KB
1 KB 25ms
25ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/lang-sql.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

770cb6f8747e90dad261e049dfa5cf42e622dac61bcbc86ecb0a8c134228eb91

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 3215
cf-polished: origSize=1802
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"70a-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c4dcf72b1-AMS
cf-bgj: minify

GET
H2 200 top.png
www.bleepingcomputer.com/forums/public/style_images/master/ 147 B
312 B 55ms
48ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/top.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc36f47b70988855c5cde9579581871e9dc92a285a8b1ba4602a89c915c902c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1406491
cf-polished: origSize=207, status=vary_header_present
status: 200
content-length: 147
last-modified: Thu, 09 Jun 2011 17:25:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "cf-4a54abe32b600"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 24 Mar 2020 06:43:01 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6df972b1-AMS
cf-bgj: imgq:100

GET
H2 200 feed.png
www.bleepingcomputer.com/forums/public/style_images/master/ 641 B
807 B 53ms
46ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/feed.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9158290895e962ac081ae5856cf1c361811b63e1dadf7a6b09fa2f3abbd6ecb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 536572
cf-polished: origSize=680, status=vary_header_present
status: 200
content-length: 641
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "2a8-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 03 Apr 2020 08:21:41 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6dfb72b1-AMS
cf-bgj: imgq:100

GET
H2 200 lightbox.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 9 KB
2 KB 39ms
31ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/lightbox.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a78f7bf63f851cbab54a7f7e9ccb76b53ef79834c33cd242aa98d16d228e855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 3215
cf-polished: origSize=10063
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"274f-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c5dde72b1-AMS
cf-bgj: minify

GET
H2 200 3687X620620.skimlinks.js Show response
s.skimresources.com/js/ 42 KB
16 KB 3132ms
29ms Script
application/octet-stream 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/3687X620620.skimlinks.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5fd23dfb8a76c05655a51c79b2b2a8f11ae81686008564c197a3c06a42f54eec

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:36 GMT
content-encoding: gzip
last-modified: Thu, 27 Feb 2020 16:34:57 GMT
server: AmazonS3
x-amz-request-id: BBA7F7C6640ED326
etag: "c8856a3be83c141066f9e5052e43d4b4"
x-hw: 1583846676.cds004.wa1.hn,1583846676.cds008.wa1.c
content-type: application/octet-stream
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 16114
x-amz-id-2: /BXS6ZnpSKzjQm1C9LWKj+i22k95g1PfiC9jA82LbcLJ3jYPCL+qFCTkFxn6u/akqyq3s6fzdeI=

GET
H2 200 ips.quickpm.js Show response
www.bleepingcomputer.com/forums/public/js/ 5 KB
2 KB 23ms
22ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.quickpm.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f34544ddb27241b3eccb8e06d7447230005e8718b463a30d9dd83d1e8bada1a1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 4388
cf-polished: origSize=7306
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1c8a-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c0db172b1-AMS
cf-bgj: minify

GET
H2 200 ips.hovercard.js Show response
www.bleepingcomputer.com/forums/public/js/ 7 KB
2 KB 30ms
29ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.hovercard.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e3b8f6c06d2d74cc294ee6439e67b08890587be0081249a158469ace2eaeaaf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 4388
cf-polished: origSize=12576
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3120-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c0db272b1-AMS
cf-bgj: minify

GET
H2 200 ips.sharelinks.js Show response
www.bleepingcomputer.com/forums/public/js/ 4 KB
1 KB 22ms
21ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.sharelinks.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f1e90548e911e24dedcb2ca0ffee6847a49a8648e9c615bcd0582bb7c7993fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 3215
cf-polished: origSize=5869
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"16ed-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c0db372b1-AMS
cf-bgj: minify

GET
H2 200 ips.topic.js Show response
www.bleepingcomputer.com/forums/public/js/ 28 KB
6 KB 32ms
31ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.topic.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a51f645170637f10f3eba218020318af3fff3ad8e7087db87ef607896f19a940

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 2979
cf-polished: origSize=45653
status: 200
last-modified: Tue, 29 Dec 2015 18:39:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"b255-5280dbeb879c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c0db472b1-AMS
cf-bgj: minify

GET
H2 200 ips.like.js Show response
www.bleepingcomputer.com/forums/public/js/ 4 KB
1018 B 23ms
22ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.like.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf50c94253085740a5cce42e9c14f7b897cfc384303b38a5d9d7a0ab8ea5160f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 3215
cf-polished: origSize=6287
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"188f-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c0db572b1-AMS
cf-bgj: minify

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 439 KB
117 KB 80ms
49ms Script
application/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 989292fb8b721c7ade9e3bcc21c69abafb01164bf48594d534766b33a65c262a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 50
status: 200
x-guploader-uploadid: AEnB2Uoc_AWnvUaWd4wZnXEBNVsSOl7CigA98Cr6odf-Y1mChll0qA0_-U82uK_O5TrflKOwy84lwzJZLWAOIoCAZXi3LxdrXg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Mon, 09 Mar 2020 15:12:29 GMT
server: cloudflare
etag: W/"e07ac16894aacc86dffdd210bcb5fa83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=pjVepA==, md5=4HrBaJSqzIbf/dIQvLX6gw==
content-type: application/javascript
x-goog-generation: 1583766749991298
cache-control: public, max-age=1800
x-goog-stored-content-length: 449741
cf-ray: 571d5b4c79cd2488-FRA
expires: Tue, 10 Mar 2020 13:24:43 GMT

GET
H/1.1 200
OK fab.js Show response
ecdn.analysis.fi/static/js/ 4 KB
2 KB 31680ms
27ms Script
application/javascript 212.71.236.117
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.71.236.117 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: nb-212-71-236-117.london.nodebalancer.linode.com
Software: nginx/1.12.2 /
Resource Hash: affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 10 Mar 2020 13:30:51 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jul 2015 00:00:00 GMT
Server: nginx/1.12.2
ETag: "55a5a280-560"
Content-Type: application/javascript
Cache-Control: max-age=3600
Connection: close
Content-Length: 1376
Expires: Tue, 10 Mar 2020 14:30:51 GMT

GET
H2 200 ipb_print.css
www.bleepingcomputer.com/forums/public/style_css/css_7/ 3 KB
1 KB 82ms
76ms Stylesheet
text/css 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/css_7/ipb_print.css

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbd8236978dd3f165bc49566f78c460e3937e552df38787439c1ef2797c4c709

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 6750
cf-polished: origSize=2715
status: 200
last-modified: Thu, 02 Jan 2020 17:02:25 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"a9b-59b2b285311b3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 571d5b4c6dfc72b1-AMS
cf-bgj: minify

GET
H2 200 user_navigation.png
www.bleepingcomputer.com/forums/public/style_images/master/ 191 B
388 B 51ms
50ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/user_navigation.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab1a12c0da652f8e525d21b28ca7c45b5ea34e787b561120cd8564089faf2a96

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 534859
cf-polished: pngoptimizer, origSize=282, status=vary_header_present
status: 200
content-length: 191
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "11a-49d6c2153a000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 03 Apr 2020 08:50:14 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6e0072b1-AMS
cf-bgj: imgq:100

GET
H2 200 advanced_search.png
www.bleepingcomputer.com/forums/public/style_images/master/ 272 B
447 B 52ms
52ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/advanced_search.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a55c6652514d6e2ebc88198444ac6b199e6ad119d0d009eea0a52e87cd7b39df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2008904
cf-polished: pngoptimizer, origSize=293, status=vary_header_present
status: 200
content-length: 272
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "125-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 17 Mar 2020 07:22:48 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6e0472b1-AMS
cf-bgj: imgq:100

GET
H2 200 search_icon.png
www.bleepingcomputer.com/forums/public/style_images/master/ 202 B
484 B 49ms
49ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/search_icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1705973
cf-polished: pngoptimizer, origSize=223, status=vary_header_present
status: 200
content-length: 202
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "df-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 20 Mar 2020 19:31:40 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6e0572b1-AMS
cf-bgj: imgq:100

GET
H2 200 icon_quicknav.png
www.bleepingcomputer.com/forums/public/style_images/master/ 374 B
550 B 75ms
74ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_quicknav.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef879b83b39fe97ac9e83cc9329bf03ec9199fe7433b1ae62d311ef1dac86cbc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1406490
cf-polished: pngoptimizer, origSize=489, status=vary_header_present
status: 200
content-length: 374
last-modified: Fri, 01 Jul 2011 10:17:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1e9-4a6ff53f0bd80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 24 Mar 2020 06:43:03 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c6e0672b1-AMS
cf-bgj: imgq:100

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 3061
date: Tue, 10 Mar 2020 12:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Tue, 10 Mar 2020 14:33:32 GMT

GET
H2 200 maintitle.png
www.bleepingcomputer.com/forums/public/style_images/master/ 193 B
346 B 58ms
57ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/maintitle.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8347a92981a0fdc73af9e2536f688b1a14e6ebea3b4ee5df22e6654bb5e8ca6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 1406448
cf-polished: pngoptimizer, origSize=295, status=vary_header_present
status: 200
content-length: 193
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "127-49d6c2153a000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 24 Mar 2020 06:43:45 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4c7e1072b1-AMS
cf-bgj: imgq:100

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 225 KB
61 KB 63ms
12ms Script
text/javascript 2600:9000:214f:3600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:3600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 68a6c91fc7525fa5e2d4186dcb795dfc9fd83b756e76fc64bd002de2c1fb47e9

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:13:21 GMT
content-encoding: gzip
last-modified: Thu, 27 Feb 2020 19:40:29 GMT
server: AmazonS3
age: 1034
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: cIH8T1f68RZ7P_hq0tbveVGS1cLkh4q_uj6kuVeDbVIT92P8scEBhQ==
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 16ms
15ms Image
image/gif 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=404236288&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&ul=en-us&de=windows-1252&dt=TowerWeb%20Ransomware%20Help%20%26%20Support%20Topic%20(Payment_Instructions.jpg)%20-%20Ransomware%20Help%20%26%20Tech%20Support&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1203387382&gjid=1176000307&cid=849493584.1583846673&tid=UA-91740-1&_gid=716109325.1583846673&_r=1&gtm=2ou2q2&z=366619378

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 icon_warning.png
www.bleepingcomputer.com/forums/public/style_images/master/ 270 B
458 B 21ms
21ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_warning.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea99b0d7d706f0144a121af332e2efaae3a1fa76a4a3dbdbec7faa2b0177a2b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
cf-cache-status: HIT
age: 2185192
cf-polished: origSize=408, status=vary_header_present
status: 200
content-length: 270
last-modified: Wed, 20 Apr 2011 21:00:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "198-4a15fea6fc080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sun, 15 Mar 2020 06:24:41 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b4d3e8872b1-AMS
cf-bgj: imgq:100

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9653ee7a341959e18ad389173433c497aa99da6b89b331df8098ad0aff337a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: +QFFTzmyPLyAIuUJd8HiLg==
status: 200
date: Tue, 10 Mar 2020 13:24:33 GMT, Tue, 10 Mar 2020 13:24:33 GMT
expires: Tue, 10 Mar 2020 13:29:43 GMT
alt-svc: h3-27=":443"; ma=3600
content-length: 1780
x-fb-debug: 3Teoj9AOm7Au6qSYol4RxS4eoUMqoft7+JJPIrHFnJPTfYWoRFGpfpMEX+vcVshmQhAYKWiPJqayYoct43iTkQ==
x-fb-trip-id: 420120009
x-fb-content-md5: 6bed5e8ac2be0b437bbe3b55712b2eee
etag: "de395fc6bf215e581618697df10107f2"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/ 140 KB
49 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24b45790f58b5d8c376ea8320617b5defa1c88576b7b8df5abf1337a758adba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 27 Feb 2020 09:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 20:40:07 GMT
server: sffe
age: 1050947
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 50234
x-xss-protection: 0
expires: Fri, 26 Feb 2021 09:28:46 GMT

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v30/ Frame BCAA 0
0 25ms
7ms Document
text/html 2600:9000:214f:1c00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v30/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v30/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
content-type: text/html
content-length: 645
last-modified: Thu, 27 Feb 2020 19:40:24 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 10 Mar 2020 13:19:08 GMT
etag: "55b98270d639ef0c34781d9f03cce91f"
x-cache: Hit from cloudfront
via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: xFSe1tEaGzvBoQBt_ILdAjGLbJpvCaS31F1U4XVN5j9aQsNUjbPLAQ==
age: 754

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
472 B 1210ms
111ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 23b58af4dd0dbb29190f05fd5ca2aa9949a2ba1b805792546ce2c684eb2c257f

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:34 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 43 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a292c3af49568a498020caab16b2010f8dfad4ac19649094f6d9c85a206f9cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "452 / 974 of 1000 / last-modified: 1583781489"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14565
x-xss-protection: 0
expires: Tue, 10 Mar 2020 13:24:33 GMT

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 100 KB
26 KB 1315ms
12ms Script
application/javascript 13.224.194.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.194.70 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-70.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: de1f8951b7801ad3b6d686af593fafd83d936526937260986932d8eaacdb2d0e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: iWuHtUJgXKWX_IH6Sf_VxHpxCV_BHk4n
Content-Encoding: gzip
Last-Modified: Thu, 05 Mar 2020 20:45:54 GMT
Server: AmazonS3
Age: 78
Date: Tue, 10 Mar 2020 13:23:43 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2-C1
Connection: keep-alive
X-Amz-Cf-Id: UAtBGIbXn5QIaKcLqxFAo4RUR10WZIFKk1bdq7antwPLJEP1xTEsFw==

GET
H2 200 prebid-analytics-3.6.2.js Show response
a.pub.network/core/ 350 KB
106 KB 151ms
151ms Script
text/html 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00a30ea925e1a7fdcb597a0c8fe4320e4a897495f6c24ad89bacfb9772d2d7e8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: br
cf-cache-status: BYPASS
status: 200
x-guploader-uploadid: AEnB2Uprjp2R_1qI3-ZZMD_vNEpbUQDQOGp4If8Y0ukGZwipRR0Tg4qzUTBcM7R26mCxOSux4mU7cD7Kvse9sU6eGEhw1peSEg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Fri, 28 Feb 2020 20:11:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=zs10DQ==, md5=a/aOr3cetk5W0I0PmuPrIQ==
content-type: text/html
x-goog-generation: 1582920668771105
cache-control: private
x-goog-stored-content-length: 358240
cf-ray: 571d5b4e5f522488-FRA
expires: Wed, 10 Mar 2021 13:24:33 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 49 B
496 B 933ms
114ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 84eef5f28daaf0fbd14fa4dc0c7253da3ce4635546be59f624cfefe8d3876b01

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:34 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v30/ 230 KB
62 KB 8ms
7ms Script
text/javascript 2600:9000:214f:1c00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v30/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f7cc37747a8501579139a8046b73b731490a0586435eff0e4ec37649cf72ce24

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:14:04 GMT
content-encoding: gzip
last-modified: Thu, 27 Feb 2020 19:40:24 GMT
server: AmazonS3
age: 1288
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 78oVIopOdcAAJLLDaxqDw2sXVbS07hCpdzlSyHl1SBHVX1Gek4noRQ==
via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 383 KB
111 KB 9ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=a03375e05ae4a67c0008483957ac8c47&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

95c0333dd73fb0f203f25e7c2e10392854890710894b6fb25be1073281e82447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 4hHjzyJJa3JOSqVdCiozbQ==
status: 200
date: Tue, 10 Mar 2020 13:24:33 GMT, Tue, 10 Mar 2020 13:24:33 GMT
expires: Wed, 10 Mar 2021 13:09:44 GMT
alt-svc: h3-27=":443"; ma=3600
content-length: 112874
x-fb-debug: DQNYZ9DmR+C81fuc7LXHHvTcgA9KK1jmLFmIrBGr6qj3IAi6SBmemosQn7iTj4JIm/hWxIHr58zA6H+99QouHg==
x-fb-trip-id: 420120009
x-fb-content-md5: 4cfe21c24d12c9da4f0bd29d2bc3c93d
etag: "96ee44afa530e98f236ff1ce78edd956"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 122 B
189 B 16ms
15ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b757ba7877f83ff540eedf0e68cc60f0efbc678f7ea239d484abc985ccd11c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 119
x-xss-protection: 0

GET
H2 200 pubads_impl_2020030501.js Show response
securepubads.g.doubleclick.net/gpt/ 165 KB
60 KB 41ms
40ms Script
text/javascript 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

sffe /

Resource Hash

8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Mar 2020 14:08:10 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 61481
x-xss-protection: 0
expires: Tue, 10 Mar 2020 13:24:33 GMT

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 94 KB
18 KB 26ms
9ms XHR
application/json 2600:9000:214f:7600:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:7600:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: affa28efb0c6bb6f9bb296d2e171e38589f3534b5d39081577bbc0eb2cd7a0cc

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Mar 2020 16:10:34 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 422040
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 05 Mar 2020 16:00:51 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: DyrgjbRDAghMTxFkQurmcg61gsOgXbVC
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: 9owhnWw6kdze5P24Wi-RirhYqD3CoDKHo-Z1Q6n0U4puadYaQI8zJw==

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 40ms
40ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=942111685863795&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=a03375e05ae4a67c0008483957ac8c47&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: F4q/A2i1OdEkGe1OCFms5y802cjQcEjMX2GbFlvTwG20SnyYjWdYq8NgoyTGhI5K1dcDf3Axe4wZZs903RDe5Q==
fb-s: unknown
status: 200
date: Tue, 10 Mar 2020 13:24:33 GMT, Tue, 10 Mar 2020 13:24:33 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-27=":443"; ma=3600
content-length: 0
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
595 B 379ms
110ms XHR
application/json 143.204.202.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.95 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-95.fra53.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:34 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 6ac96adc-9d69-46a7-98c7-dffd364050d6
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: JLQ61EGaIAMF2Fw=
content-length: 50
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-trace-id: Root=1-5e679512-77d23112aae8b00f061d7a3c;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 850ccace60916919bf31313cb9176e01.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: V9xRaMbG9IHFXeCiTWSls_lphG-QM82Jc73gfi-v0xxEiG0vH40DZQ==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 87 KB
25 KB 7388ms
24ms Script
application/javascript 99.86.0.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-120.fra6.r.cloudfront.net
Software: Server /
Resource Hash: ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 09 Mar 2020 22:00:55 GMT
content-encoding: gzip
server: Server
age: 55426
etag: 1dcfbf3986ee8b9c3abbc67eb808ab43
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: k37WXx4tPO2aLU9xbgXt08bqAH9fnDrbMnmviz-wtt_DM6sKz64EIw==
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/ 122 KB
25 KB 1285ms
8ms Script
text/javascript 151.101.113.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1528c78029c9c65395015049d976e1caedb8b2275db0ffe30a390fd9f6f3ffd1

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 10 Mar 2020 13:24:35 GMT
Content-Encoding: gzip
Age: 2343
X-Cache: HIT
Connection: keep-alive
Content-Length: 25497
x-amz-id-2: ppyNNidf8f8oOTf1Du70BN98Ljn+r8KbOiZe/3SD2oN270avJ8sPe1EkNAxMlB/cTufngAdpOrQ=
X-Served-By: cache-hhn4066-HHN
Last-Modified: Tue, 10 Mar 2020 12:36:23 GMT
Server: AmazonS3
X-Timer: S1583846675.048961,VS0,VE0
ETag: "e66366bf414c2921cadcb191e882c2d1"
x-amz-request-id: F60D5A968E53F0EE
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 259

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 1 KB
2 KB 1111ms
113ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 34421bd2874043365b7e61f15cd5abc07c583de7f1ce3976fedab903344f3b9e

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:34 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
486 B 272ms
7ms XHR
text/html 99.86.3.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1583846674383;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F;;;;;p,off,false,,1,en,30,192,true,false,false;displayConsentUi:mandatory,;GDPR-6w91fu9nov0sphl63hyo
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v30/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.24 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-24.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:06:31 GMT
via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
vary: Origin
age: 1084
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: QedFtqDTBtb3AIWvWApEFPgSIz8XR9ugrwOg4mwwxssLYgk6hMT6xg==

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gpt/202003021155/ 94 KB
33 KB 10ms
9ms Script
application/javascript 151.101.113.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 105a8b13dca7d3dcc57c0529782d9072125dfab34ed2790048e2d2b3c7a847d2

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 10 Mar 2020 13:24:35 GMT
Content-Encoding: gzip
Age: 65
X-Cache: HIT
Connection: keep-alive
Content-Length: 32709
x-amz-id-2: inec7m7FU4W1rIvAC19K1Id1l4XdCMJxE3lBu9WmOxVkl19liVcRbDWrfVIZTnduXnBPtuRE/qM=
X-Served-By: cache-hhn4066-HHN
Last-Modified: Mon, 02 Mar 2020 17:27:30 GMT
Server: AmazonS3
X-Timer: S1583846675.070735,VS0,VE0
ETag: "80e707bc3224ca3b5db2b083f8dc7d32"
x-amz-request-id: 0526F5A20E50E20F
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 56

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/202003021155/ 32 KB
12 KB 19ms
7ms Script
application/javascript 151.101.113.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/202003021155/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: acf017c83891b3d82185eedcfd8ef7fd3c5831873e922ab70c4afdbb81700902

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 10 Mar 2020 13:24:35 GMT
Content-Encoding: gzip
Age: 829
X-Cache: HIT
Connection: keep-alive
Content-Length: 12058
x-amz-id-2: RsTl8TI1AF9+/ylBhs1FS+vcXJHyUT3v19vMjESrzgz3lDA8wja581A5Lj3hzCJuFYBoaeMOnnA=
X-Served-By: cache-hhn4066-HHN
Last-Modified: Mon, 02 Mar 2020 17:27:31 GMT
Server: AmazonS3
X-Timer: S1583846675.082734,VS0,VE0
ETag: "8f4084ff1552265381390b31f600845e"
x-amz-request-id: A192B38BA668E01C
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 2488

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
986 B 478ms
7ms Script
application/x-javascript 13.225.87.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 1157
date: Tue, 10 Mar 2020 13:05:20 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: OszD20ct-7JX2LIhNjU0_08uecoCqHXDR5XDcW4KXO64bvteWI3foA==
via: 1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)

POST
H/1.1 200
OK cookie_sync Show response
prebid.pub.network/ 1 KB
536 B 961ms
112ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/cookie_sync
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 4c0da6452d49460747dfb66e407c09e8b68032777f0760b5c3ac259b1697535a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 255
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 142 B
430 B 1136ms
176ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 23c15538fb760b6e76ad2f5d0450a393054ca27d4b220c4cf90cbdfdd380ab68

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 149
Expires: 0

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 58ms
19ms XHR
text/plain 2a02:fa8:8806:12::1430
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 10 Mar 2020 13:24:35 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
719 B 28ms
14ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:37 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.49:80
AN-X-Request-Uuid: 14b09c43-079d-4874-a45b-7fdfafb1bb10
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200

0
-1 B

106ms
105ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200

0
-1 B

105ms
104ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200

0
-1 B

96ms
95ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200

0
-1 B

104ms
103ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200

0
-1 B

96ms
95ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200

0
-1 B

99ms
98ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200

0
-1 B

106ms
106ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET arj
freestar-d.openx.net/w/1.0/ 0
0

GET v1
btlr.sharethrough.com/WYu2BXv1/ 0
0

POST auction
tlx.3lift.com/header/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 378 B
1 KB 51ms
26ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

ec648607e22402b8353e33b24cdb5d1a46135ef58690d2ce89c730f558688144

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:37 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.244:80
AN-X-Request-Uuid: 3d10e4f8-9ce1-453e-846d-48d005c1bb52
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 378
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET cygnus
as-sec.casalemedia.com/ 0
0

POST v1
dmx.districtm.io/b/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

GET
H2

302

ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=15...

0
-1 B

105ms
104ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=15...

0
-1 B

104ms
104ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=15...

0
-1 B

104ms
103ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=15...

0
-1 B

105ms
101ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846675;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=15...

0
-1 B

98ms
95ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=15...

0
-1 B

105ms
102ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=15...

0
-1 B

101ms
99ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 945 B
1 KB 201ms
200ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c22935c-62d2-11ea-a3fe-12ddab465c88;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=68d2e12a416f451;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 37e1471c5d3f6fdd60866ae98de36f45c76d810fe1eccf66bda6ad9f603d3667

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 945 B
1 KB 202ms
202ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c2296d6-62d2-11ea-b71e-12380fdf0cb2;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6698488c5b57c84;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ffc4b0a5424e7a6e6052f2c196c69bc836649096cb66e9f725b76ec0ab235cc4

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 945 B
1 KB 172ms
172ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c22aaea-62d2-11ea-877c-12495d14311c;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=691824dd41b7add;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 1b051fe6c216eda7bea3523392f0b1c4fc59f141b7e79657e814e8f47fb706f9

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 944 B
1 KB 180ms
180ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7c2336f4-62d2-11ea-8a36-12dccfef2018;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=6523b7976d3c6a2;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 5b7882a2e10a3c1ae3b2b4f22f5cd32a2987ba66ae409e1460a546dd214949f7

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 944 B
1 KB 180ms
180ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7c234af4-62d2-11ea-a435-12e7f4d03460;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=709fc024aa0b6d9;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 20adf0ad0be32adf4f84ebff8f087c203f8ce67de88b99de1bef8b38d70fdbd0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 944 B
1 KB 167ms
166ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c245f20-62d2-11ea-bdfc-1201d05c7be8;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=676a1e7da3c2769;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: d7226a9daa2c231b51ec386d79df4ee4ffee5ccfdab966abd422099a6dda2f88

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 945 B
1 KB 176ms
176ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7c246bdc-62d2-11ea-b957-12358a211a00;cfp=1;rndc=1583846674;v=2;cmd=bid;cors=yes;alias=649654a5eafaf8f;misc=1583846675200
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 008afce66ba151b65a16874b0f5bc315cd16affd070a2f531570f47395933cad

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:35 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 504
GATEWAY_TIMEOUT jquery.color-2.1.2.min.js
cluster-na.cdnjquery.com/color/ 0
0 5040ms
4711ms Script
text/plain 52.7.20.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1583846675547&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%227bec321c-62d2-11ea-a51a-10d01042074b%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&csVersion=1.21.43&clearThroughOptions=undefined
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.20.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-20-116.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Connection: keep-alive
Content-Length: 0

GET
H2 200 px.gif
ad-delivery.net/ 43 B
385 B 26ms
8ms Image
image/gif 13.225.87.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.6782226532005036
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-amz-version-id: null
via: 1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 63778
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
date: Mon, 09 Mar 2020 19:41:38 GMT
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 43
x-amz-cf-id: i1xUF0Kgrwanxz4QbAPMxqUdC3iBOFI50oPoFYejwy0ddcbXUfDadQ==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 55 KB
13 KB 366ms
357ms XHR
text/plain 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=835558910142548&correlator=3103139293429407&output=ldjh&impl=fifs&adsid=NT&jar=2020-03-10-13&eid=21065399%2C21064370%2C21065576%2C21064522&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200310&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_728x90_320x50_InContent_2%2Cbleepingcomputer_1x1_pushdown&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C728x90%2C1x1&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1583846675&dt=1583846675572&dlt=1583846673209&idt=545&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C524%2C800&adys=231%2C6313%2C1745%2C0&adks=960084856%2C976516616%2C1808008496%2C2697902146&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&dssz=64&icsg=2252899321161980&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x105%7C1392x105%7C1177x152%7C1600x6584&msz=970x90%7C1392x90%7C1177x90%7C1600x1&ga_vid=559022447.1583846676&ga_sid=1583846676&ga_hid=404236288&fws=4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

dc12329cf188cb16c368ca0141cc8d679269823585519f691327d7341434ec14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13057
x-xss-protection: 0
google-lineitem-id: -2,-2,-1,4893662829
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-1,138254592126
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020030501.js Show response
securepubads.g.doubleclick.net/gpt/ 69 KB
25 KB 41ms
39ms Script
text/javascript 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

sffe /

Resource Hash

ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Mar 2020 14:08:10 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25689
x-xss-protection: 0
expires: Tue, 10 Mar 2020 13:24:35 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 7ms
6ms Other
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012002251816300/ Frame 8C38 200 KB
55 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a7e49fb41c1175f9d4e394b6fe993af1b657150e53115b86b7e410a4aad4985

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14768
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55732
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 09:18:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "854d89fb2a05ebd2"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 09:18:27 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012002251816300/ Frame 8C38 200 KB
55 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a7e49fb41c1175f9d4e394b6fe993af1b657150e53115b86b7e410a4aad4985

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14768
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55732
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 09:18:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "854d89fb2a05ebd2"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 09:18:27 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012002251816300/v0/ Frame 8C38 16 KB
6 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/v0/amp-ad-exit-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b040cd620ed6482975472e60c4e67309a9375395a53aa7cba72489b76d61545

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32962
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5729
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 04:15:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a6109f8e72088d21"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 04:15:13 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012002251816300/v0/ Frame 8C38 92 KB
28 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/v0/amp-analytics-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dffd83700dd74d4524da45259085e0a134e06e87b4fe5b7fdf77134269da81ae

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14895
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28280
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 09:16:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc22e164f6b16c78"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 09:16:20 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012002251816300/v0/ Frame 8C38 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/v0/amp-fit-text-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ef0229dbf3b245afa2fbd209ce7dba56323bcafc380f4ba46b112519bc94641

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 32960
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 04:15:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "72fcdcddc4f213c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 04:15:15 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012002251816300/v0/ Frame 8C38 46 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/v0/amp-form-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e57c9bc67a827ad246d31b9e24e71d6574e54c00e06e875a8aa83063fe50692d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 33034
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14837
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 04:14:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f3c2d481e0884561"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 04:14:01 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8C38 5 KB
764 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 10 Mar 2020 13:24:35 GMT
server: ESF
date: Tue, 10 Mar 2020 13:24:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 Mar 2020 13:24:35 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8C38 5 KB
718 B 20ms
19ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 10 Mar 2020 13:24:35 GMT
server: ESF
date: Tue, 10 Mar 2020 13:24:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 Mar 2020 13:24:35 GMT

GET
DATA 200
OK truncated
/ Frame 8C38 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f02acb9b7ef562df455eb48cbca2448e5566ca80d7614f286201277eac15a1b

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012002251816300/ 20 KB
7 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012002251816300/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cebbfa1487e3dc67737bb93e04d96fef483b4b69cd67707d0cb4817e09a4335

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 5773
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7148
x-xss-protection: 0
server: sffe
date: Tue, 10 Mar 2020 11:48:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14121842040f9b16"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Mar 2021 11:48:22 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame C853 0
0 25ms
23ms Fetch
image/gif 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuNbrPVd3WKjnIi8grL2T_9weFMYMm-KS-byKCa095Sce-LfAntsOQCDX2-1exsAhoMME8MYupSyyJp6QWwFPqKyuDlvr_A8rAgRW-DMTsDCqgwQif6y8DiL2bJcwPY9Ax5mnm4-jhsn-MLT4AECXKw7ficsZyFlxY264W24vdDXFR2g_FiZK3YH_HbYPRaVVbrehLrKn2yInsqeBVGg3z0NzBBmy_BI1X7bjLC59T9H0A2axr5W8SMnvPoN04GoeXh-XKzcEuTr2ltqayw_MpnsDLlAKUN9JoCLgPcSQFyJblZ&sai=AMfl-YQ41CQi31IrqJBV39sHIlcRbWLlSUOGUfjkUTB0ryJz-taD8BgbLRunGNaS-c-t3YlBuohGsyNB5ajS96h03x-2JILXGXsnO1s53lg4IA&sig=Cg0ArKJSzOMC2Qrt9N3bEAE&urlfix=1&adurl=

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Tue, 10 Mar 2020 13:24:35 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 10 Mar 2020 13:24:35 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame C853 73 KB
28 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2ccd5167c702b43d4c6dfc47eb2503d3717ca59de8380628c01b646583564a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1583753690185738"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28080
x-xss-protection: 0
expires: Tue, 10 Mar 2020 13:24:35 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdab5a45cd656121670184c9dfb1375f4c34f0345ff3232c7ab1d4c4ff6e4ade

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 10 Mar 2020 13:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1583753690185738"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27566
x-xss-protection: 0
expires: Tue, 10 Mar 2020 13:24:35 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2225613035339725144/ Frame 8C38 4 KB
5 KB 13ms
13ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2225613035339725144/downsize_200k_v1?sqp=4sqPyQSUAUKRAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhgIrAEQWhgBIAEtAAAAPzCsAThaRQAAgD8&rs=AOga4qnLQ6u4peBFptRtvsFo64U3N8154w

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff8d4b73a8346b4a1ebfea06de87f3e0abe4bdd93c3713fb912fa9820019a60f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 04 Feb 2020 06:23:47 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2019 17:26:36 GMT
server: sffe
age: 3049248
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 4583
x-xss-protection: 0
expires: Wed, 03 Feb 2021 06:23:47 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13256797330833292739/ Frame 8C38 8 KB
8 KB 15ms
14ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13256797330833292739/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qmAyS_2N6i6WVRJrhVZWLJKSmNoHw

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 30 Jan 2020 07:48:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 17:36:44 GMT
server: sffe
age: 3476142
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8473
x-xss-protection: 0
expires: Fri, 29 Jan 2021 07:48:53 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8C38 0
0 21ms
21ms Image
text/html 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CR6UpE5VnXs2NJ5aQgAfK2oCwB67W1YdazZLfhrAKwaGPlQEQASDa18U5YJX68IGMB6ABj5SzlwPIAQbgAgCoAwHIAwqqBMECT9AifLRb4K1szm3TxNngIhyD_OTRhm8VqMtkBgpREFoRYstdrRsiztRZQM3B0SAwTZwS61VA04D0JanIDcdy9GKU3Xcg4AxqQSsK66VocdvDcUMc7mpI0bRIrfBH-dqtBY2Hk70yfEFbKQZr6qgemhY1mAuKQFFylcnLZ0v9WkqB7bIhC-RHBEt6Dqh8eaN1VRGdiWrq69TwVHoUigNhHsH98UyKlcmk3YkgvL3KA_aITCkIO0qCP32OiQsd918_AX-VxWzbTQIgrO2VUzV2Z7O2-aYPJ7k03tCe55fjD-3T-1fSk39NiGdRvFtOE69Y2rt385wBz_6n71xheVqBCmPXXfD-MDWH9FLh42DERqTj1G9dgTzZgBP7wRjuEcux4mw2KEKbbzsAVbsv1w4Nqq6C3wbK71xrmpIBADyczlEUwAS7ws2htALgBAGSBQQIBBgBkgUECAUYBKAGN4AH2evMaKgHjs4bqAfVyRuoB5PYG6gHn9sbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEENGhBdIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTc0MjI0OTYwMzI4OTA4M4AKA8gLAdgTAogUAw&sigh=WpNxUYU0vko&template_id=492&tpd=AGWhJms5bryHZMrRvMOgmDPVb7xh1wvBcBjGhoJcmkT_q_1xfg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s18-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8C38 2 KB
3 KB 11ms
11ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 11:08:58 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 8137
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 11 Mar 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8C38 295 B
360 B 24ms
5ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 12:55:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 1755
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Mar 2020 12:55:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8C38 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1053450
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 26 Feb 2021 08:47:06 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8C38 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Mar 2020 03:12:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 468717
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Fri, 05 Mar 2021 03:12:39 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8C38
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

41ms
40ms

Image
text/html

2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 10 Mar 2020 13:24:36 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 483ms
113ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:36 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 142 B
430 B 200ms
199ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 156a7acc2af4a58325b2e9d0cff93e32770894b5aafb8a9b800a8ab6d103802f

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 149
Expires: 0

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
998 B 149ms
130ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22762b7b724f11e42%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2277dcecb3e51b808%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227814374bc741e32%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2279ebe7164679141%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72e694bc607a4782b9bd80625eeadb8bf966ced107ccdcdee0fa97215fb5fbfa

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:36 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Tue, 10 Mar 2020 13:24:36 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 10 Mar 2020 13:24:36 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 81ms
10ms XHR
text/plain 52.29.78.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=83f441f44621ffb&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.78.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 10 Mar 2020 13:24:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 81ms
11ms XHR
text/plain 52.29.78.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=84cb35e5a768ec7&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.78.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 10 Mar 2020 13:24:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
719 B 72ms
72ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:38 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.90:80
AN-X-Request-Uuid: da7cbbcf-be90-4ee7-a92f-d4fcc8f63029
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=1376c0315b11c0e3;misc=1583846676409; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 944 B
1 KB 171ms
170ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1376c0315b11c0e3;misc=1583846676409;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 362af301fc7ee9134ee3f38d680d1702e05ed672fcbc0160b87723bea8848ebf

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=138c6cb8aa5e79a5;misc=1583846676409; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 944 B
1 KB 177ms
176ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=138c6cb8aa5e79a5;misc=1583846676409;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 7c94c428628502f48cc5c48da86ea162f170022b758d9e31bf926be1b2a8e145

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=1391c80216c91d65;misc=1583846676409; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 945 B
1 KB 180ms
178ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1391c80216c91d65;misc=1583846676409;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 4890c1ca2cba2528c78c4c92159275532b399bb86c8d2faab98aa771097603d9

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
333 B 578ms
12ms XHR
application/json 3.122.6.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.6.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
x-auction-status: 12, 12, 12, 12
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 104ms
34ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b7e006e234a1354aaaae967f50542e5a501782ca3484228034631baf1d0ea5af

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:38 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.113:80
AN-X-Request-Uuid: 7f9bf5d2-efeb-4a07-91ec-92f4f419fdfc
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 175 B
371 B 721ms
200ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=5e4d57ac-5fe2-463b-a34a-54ad4552f278&nocache=1583846676412&pubcid=77677ac8-ae96-4641-b675-b2092b6a61e4&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: c2e37b734b7cce909146a2ecd78ce22530889543fd5a5ccbc0b0e1e0b64918e9

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:37 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 1102ms
55ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 10 Mar 2020 13:24:37 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 571d5b662eba7227-AMS
access-control-allow-headers: origin, content-type

POST
H2

307

/ Show response
r.skimresources.com/api/
Redirect Chain

https://r.skimresources.com/api/
https://r.skimresources.com/api/?xguid=01E329WQGAW68VNQZ00NST3G53&persistence=1&checksum=c956a0a23296a29a0d67aa92b00e8ef601a7aa1a39195b730c49c1e273fd5a55

0
-1 B

1560ms
16ms

XHR
text/html

35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01E329WQGAW68VNQZ00NST3G53&persistence=1&checksum=c956a0a23296a29a0d67aa92b00e8ef601a7aa1a39195b730c49c1e273fd5a55

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:38 GMT
via: 1.1 google
server: openresty/1.11.2.5
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://r.skimresources.com/api/?xguid=01E329WQGAW68VNQZ00NST3G53&persistence=1&checksum=c956a0a23296a29a0d67aa92b00e8ef601a7aa1a39195b730c49c1e273fd5a55
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 307
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: text/html
alt-svc: clear
content-length: 193

Redirect headers

date: Tue, 10 Mar 2020 13:24:38 GMT
via: 1.1 google
server: openresty/1.11.2.5
status: 307
location: https://r.skimresources.com/api/?xguid=01E329WQGAW68VNQZ00NST3G53&persistence=1&checksum=c956a0a23296a29a0d67aa92b00e8ef601a7aa1a39195b730c49c1e273fd5a55
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: text/html
alt-svc: clear
content-length: 193

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame F6D5 0
105 B 1623ms
18ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.28679135359889085
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 206
date: Tue, 10 Mar 2020 13:24:38 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
107 B 30ms
25ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=2.3466641187123782
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:36 GMT
status: 200
x-guploader-uploadid: AEnB2UqVnIwZLMeE0799pk0QXw84Ex3s7bPyNHRqVLqKU_6HueasAZCXldSjKMqCvJfG_neF3cfZ_fwF57NQc5UQHowgnSfvRg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1583846676.cds004.wa1.hn,1583846676.cds005.wa1.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
473 B 28ms
24ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=2.3466641187123782
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:36 GMT
status: 200
x-guploader-uploadid: AEnB2UqVnIwZLMeE0799pk0QXw84Ex3s7bPyNHRqVLqKU_6HueasAZCXldSjKMqCvJfG_neF3cfZ_fwF57NQc5UQHowgnSfvRg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1583846676.cds004.wa1.hn,1583846676.cds005.wa1.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 snapback.png
www.bleepingcomputer.com/forums/public/style_images/master/ 225 B
602 B 24ms
23ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/snapback.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6f53994bd0a6283fdf4da164ad798f20405f97f93d533091fc34bbe69a3c57f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:36 GMT
cf-cache-status: HIT
age: 269235
cf-polished: pngoptimizer, origSize=320, status=vary_header_present
status: 200
content-length: 225
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "140-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Mon, 06 Apr 2020 10:37:21 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b602ccc72b1-AMS
cf-bgj: imgq:100

GET
H2 200 loading.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 2 KB
2 KB 30ms
30ms Image
image/gif 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/loading.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:36 GMT
cf-cache-status: HIT
age: 2099559
cf-polished: origSize=2767, status=vary_header_present
status: 200
content-length: 1588
last-modified: Thu, 18 Dec 2008 14:27:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "acf-45e52fc88de00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/gif
expires: Mon, 16 Mar 2020 06:11:57 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b602cce72b1-AMS
cf-bgj: imgq:100

GET
H2 200 closelabel.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 471 B
630 B 31ms
31ms Image
image/gif 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/closelabel.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 13:24:36 GMT
cf-cache-status: HIT
age: 1492845
cf-polished: origSize=483, status=vary_header_present
status: 200
content-length: 471
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1e3-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/gif
expires: Mon, 23 Mar 2020 06:43:51 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 571d5b602cd072b1-AMS
cf-bgj: imgq:100

GET
H2 200 like.php
www.facebook.com/plugins/ Frame 299F 0
0 68ms
67ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=942111685863795&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df1c4d258d492818%26domain%3Dwww.bleepingcomputer.com%26origin%3Dhttps%253A%252F%252Fwww.bleepingcomputer.com%252Ffa34a4d20083ac%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=150

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=a03375e05ae4a67c0008483957ac8c47&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id=942111685863795&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df1c4d258d492818%26domain%3Dwww.bleepingcomputer.com%26origin%3Dhttps%253A%252F%252Fwww.bleepingcomputer.com%252Ffa34a4d20083ac%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=150
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: text/html; charset="utf-8"
x-fb-debug: NvSv6IoOpO4DA6NptJmfxPO15zOFYCrJ10sW8eH0I8TmJceVbrLIADJ7QgiFkKiCMa8EuB8DuhlBKPyCEPnbeA==
date: Tue, 10 Mar 2020 13:24:36 GMT Tue, 10 Mar 2020 13:24:36 GMT
alt-svc: h3-27=":443"; ma=3600

GET
H2 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/ 95 KB
33 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f911bdd7b17d93b0528cbd2ece126cc99e61bc25addfb75e3d2ff4a69e115c9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 04 Mar 2020 22:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 20:40:07 GMT
server: sffe
age: 484969
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33741
x-xss-protection: 0
expires: Thu, 04 Mar 2021 22:41:47 GMT

GET
H2 404 fastbutton
apis.google.com/se/0/_/+1/ Frame 6BBF 0
0 28ms
27ms Document
text/html 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 404
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 10 Mar 2020 13:24:36 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy-report-only: script-src 'report-sample' 'nonce-QLr0urlr6g7l7/i92NEmBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=199=OgzcoDgbfkz3Rt4Op-Z2CxXL01VTkqhLyeKBcn_E34Ch_jRaEHYJkzfRw5aWO5LzJ06zZ09NZ3QArOcSrTfmW7DkShEHNNKvVEkE-J_gY0bN4NqdwdhQkENOVHd4cdJ9EgUwlxC6T0mTPSLY1rfOgAANaWyH-LFuSe-8VOrS0x4; expires=Wed, 09-Sep-2020 13:24:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 4772 0
0 42ms
17ms Document
text/html 2a00:1450:4001:817::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RTFyTteiIMc5L+gQnJEFPw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=199=OgzcoDgbfkz3Rt4Op-Z2CxXL01VTkqhLyeKBcn_E34Ch_jRaEHYJkzfRw5aWO5LzJ06zZ09NZ3QArOcSrTfmW7DkShEHNNKvVEkE-J_gY0bN4NqdwdhQkENOVHd4cdJ9EgUwlxC6T0mTPSLY1rfOgAANaWyH-LFuSe-8VOrS0x4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 10 Mar 2020 13:24:36 GMT
content-security-policy: script-src 'report-sample' 'nonce-RTFyTteiIMc5L+gQnJEFPw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 142 B
430 B 188ms
172ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 7768bf1a2bcbe82260f1aa7ab5650e50c1b53ddf2fdff88beedbaa7064b646c8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 149
Expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
874 B 17ms
15ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:38 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.40:80
AN-X-Request-Uuid: 57d7dd95-3991-47a9-b7da-cbe9d2016b7a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
578 B 436ms
101ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=ffa3714a-1797-4083-89fe-120d7e3b04dd&nocache=1583846676594&pubcid=77677ac8-ae96-4641-b675-b2092b6a61e4&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: 4de5776fcf3ab6c04b22aa9ec6d0f774ef1a80e393311859732862de1e6db45f

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:37 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595

0
-1 B

110ms
100ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595

0
-1 B

102ms
93ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595

0
-1 B

112ms
103ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
992 B 135ms
126ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22119677addfb53085%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221203f6285ffac6cc%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22121c16dd732eb466%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221228b2dfcea45a22%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d9ab824c641d5401c81687dd4fd92dae14cd85469638c50aa145071d677fcf47

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:36 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Tue, 10 Mar 2020 13:24:36 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
875 B 36ms
12ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:24:38 GMT
X-Proxy-Origin: 83.143.245.69; 83.143.245.69; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.244:80
AN-X-Request-Uuid: 8bad5d96-857f-4edc-bd2a-97a927788442
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
447 B 914ms
54ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 10 Mar 2020 13:24:37 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 571d5b662ebc7227-AMS
access-control-allow-headers: origin, content-type

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 18ms
12ms XHR
text/plain 52.29.78.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=1289d9ab76865de7&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.78.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 10 Mar 2020 13:24:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 19ms
14ms XHR
text/plain 52.29.78.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=1299b96616664893&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.78.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 10 Mar 2020 13:24:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 16ms
14ms XHR
text/plain 2a02:fa8:8806:12::1430
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 10 Mar 2020 13:24:36 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
333 B 384ms
10ms XHR
application/json 3.122.6.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.6.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
x-auction-status: 12, 12, 12, 12
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 150ms
112ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:36 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2

302

ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1...

0
-1 B

103ms
103ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1...

0
-1 B

94ms
94ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1...

0
-1 B

101ms
101ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 945 B
1 KB 443ms
442ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A7cf8409c-62d2-11ea-aedb-125139b028ba;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=140fadf15e0064af;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ef93d62164d28127d061351037227f796318d689fa5002386ab8b21358a3046c

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:37 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 945 B
1 KB 460ms
460ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A7cf85a0a-62d2-11ea-9470-121160e138ec;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=141d72f7af00f672;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 1a1ddff3b1e1b386b391069df14518a9eb20afa5868d14b46ff2c8231b79a464

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:37 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 945 B
1 KB 184ms
184ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A7cf9f1da-62d2-11ea-b3d3-12121b825df6;cfp=1;rndc=1583846676;v=2;cmd=bid;cors=yes;alias=142a69eb716dd9d9;misc=1583846676595
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 4ba015ac8f2373079467ab61dc568cc09f592d0eacb11e97647afbbc89d17d5e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:36 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 11 KB
7 KB 266ms
266ms XHR
text/plain 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=835558910142548&correlator=3103139293429407&output=ldjh&impl=fifs&adsid=NT&jar=2020-03-10-13&eid=21065399%2C21064370%2C21065576%2C21064522&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200310&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&rcs=1&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1583846677&dt=1583846677664&dlt=1583846673209&idt=545&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=230&adks=960084856&ucis=5&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&dssz=67&icsg=2252899321161980&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x105&msz=970x90&psts=ABP-KfQ1F_EDpwqiqFh3txAOEJa3%2CABP-KfS8EylaXgWWBInhXMDghM6GjGSj9HG7LG8tk62oXNAECHt0zBbwiiJ5Aokm7sGNAl0ObVkW7c-jXF8I&ga_vid=559022447.1583846676&ga_sid=1583846676&ga_hid=404236288&fws=4&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

c15838b5859b98b4025d142f783a04dfdae8a022b27fb4ba1507cfcf974154f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6787
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame E1F2 0
0 6ms
5ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003021155/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Tue, 10 Mar 2020 13:06:59 GMT
expires: Wed, 10 Mar 2021 13:06:59 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1058
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H2 200 / Show response
r.skimresources.com/api/ 152 B
495 B 18ms
17ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01E329WQGAW68VNQZ00NST3G53&persistence=1&checksum=c956a0a23296a29a0d67aa92b00e8ef601a7aa1a39195b730c49c1e273fd5a55

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

8dc18b02d36e6a4a5d34aac33829bb62b8b4b245046817bff60e931cb5bb5351

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 10 Mar 2020 13:24:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
status: 200
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: application/json
alt-svc: clear
via: 1.1 google

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
349 B 37ms
19ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:24:38 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H2 200 iab Show response
api.skimlinks.mgr.consensu.org/ 772 B
643 B 1093ms
17ms XHR
application/json 35.190.40.172
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.skimlinks.mgr.consensu.org/iab?nocache=1583846678065

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.40.172 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

172.40.190.35.bc.googleusercontent.com

Software

nginx/1.14.0 /

Resource Hash

4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx/1.14.0
access-control-allow-headers: *
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 115ms
115ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:38 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2

200

/
p.skimresources.com/ Frame F6D5
Redirect Chain

https://x.skimresources.com/?provider=exelate
https://loadeu.exelator.com/load/?p=787&g=001&j=0&
https://loadeu.exelator.com/load/?p=787&g=001&j=0&&xl8blockcheck=1
https://x.skimresources.com/?provider=exelate&skim_mapping=true&provider_id=5e4ed6ba17fef970bde27e1ae611f06c
https://p.skimresources.com/?provider_id=5e4ed6ba17fef970bde27e1ae611f06c&skim_mapping=true

43 B
267 B

83ms
82ms

Image
image/gif

151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/?provider_id=5e4ed6ba17fef970bde27e1ae611f06c&skim_mapping=true
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:40 GMT
status: 200
x-guploader-uploadid: AEnB2UpvotYT0N4OKNQ7NFsBdSNmgoiDNOWci2e8DUh-ZNS2P9ildPy3aRlfpBZVErT2VN9OXUPqR9ERBEaeruWgvEFeZVt6xQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1583846680.cds004.wa1.hn,1583846680.cds004.wa1.sc,1583846680.cds004.wa1.pr
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

Redirect headers

Location: https://p.skimresources.com?provider_id=5e4ed6ba17fef970bde27e1ae611f06c&skim_mapping=true
Date: Tue, 10 Mar 2020 13:24:40 GMT
Server: TornadoServer/2.4.1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

200

/
p.skimresources.com/ Frame F6D5
Redirect Chain

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=b6ee513c24dec35335c8fec5e8bdf5c9
https://p.skimresources.com/?provider_id=b6ee513c24dec35335c8fec5e8bdf5c9&skim_mapping=true

43 B
266 B

88ms
87ms

Image
image/gif

151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/?provider_id=b6ee513c24dec35335c8fec5e8bdf5c9&skim_mapping=true
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:41 GMT
status: 200
x-guploader-uploadid: AEnB2UrnLIBMuorgmAJ-dn4u4rrmlSYxaZDUqRVbVcjLTplNVQLCgW5Jxd0MmBNztzsv1oa6pmp2Gpo9cD78jhbTngudXO9lgw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1583846681.cds004.wa1.hn,1583846681.cds004.wa1.sc,1583846681.cds004.wa1.pr
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

Redirect headers

Location: https://p.skimresources.com?provider_id=b6ee513c24dec35335c8fec5e8bdf5c9&skim_mapping=true
Date: Tue, 10 Mar 2020 13:24:41 GMT
Server: TornadoServer/2.4.1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 466ms
113ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:40 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 22ms
7ms XHR
application/javascript 99.86.0.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-120.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 10:23:16 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 10885
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 05 Mar 2020 08:28:46 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 82e9051d8d41080bd3028731e0e8677f.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: Dk0qaTV4GH7XEktENxNec196QGfVbSJ1NYDSgBE8gDGxufTx4JWVkA==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
376 B 58ms
58ms XHR
text/javascript 99.86.0.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&pid=lVUMN3v6jfU1H&cb=0&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_2%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-120.fra6.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:41 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: mPNJDQeoSoXDcC8fStjrl57BMYcZYy8ecsNxrwSm7s2j9UV6cClY_w==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
377 B 42ms
42ms XHR
text/javascript 99.86.0.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&pid=7fQ6LbMhBtqVD&cb=1&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-120.fra6.r.cloudfront.net
Software: Server /
Resource Hash: 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:41 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: wyUbqX0r-Fw89hsuFikYTa-B1VKYrB5qQro_kHZLEXTX6fKvAgD2Wg==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
378 B 51ms
50ms XHR
text/javascript 99.86.0.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&pid=kzzwGrbkmIZV0&cb=2&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-120.fra6.r.cloudfront.net
Software: Server /
Resource Hash: 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:41 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: myAzV_kdX72TwLD1PQ_iYFXTaJf6ZgukWEVmc0G7VqFSGFB7HYKXww==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
435 B 247ms
247ms XHR
text/plain 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=835558910142548&correlator=3103139293429407&output=ldjh&impl=fifs&adsid=NT&jar=2020-03-10-13&eid=21065399%2C21064370%2C21065576%2C21064522&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200310&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1583846681&dt=1583846681774&dlt=1583846673209&idt=545&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=6384&adks=976516616&ucis=6&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&dssz=66&icsg=2252899321161980&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1392x105&msz=1392x90&psts=ABP-KfS8EylaXgWWBInhXMDghM6GjGSj9HG7LG8tk62oXNAECHt0zBbwiiJ5Aokm7sGNAl0ObVkW7c-jXF8I&ga_vid=559022447.1583846676&ga_sid=1583846676&ga_hid=404236288&fws=4&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

bdc67f45d9375221d2499f28911da776baab1d69a96d55d970eb35fdaf89ec0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:24:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 248
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 457ms
113ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:24:42 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2

200

sync
eb2.3lift.com/ Frame 76D8
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

8ms
8ms

Document
text/html

52.29.139.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.139.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-139-188.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15085952552406217884
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:44 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQle75pIwuCgoI4gEQle75pIwuCgoI5gEQle75pIwuCgkICRCV7vmkjC4KCgipARCV7vmkjC4KCQg5EJXu-aSMLgoJCDoQle75pIwuCgkICxCV7vmkjC4KCgjOARCV7vmkjC4KCQgfEJXu-aSMLg==; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15085952552406217884; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 10 Mar 2020 13:24:44 GMT
content-length: 0
set-cookie: tluid=7540123439883320003; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 9DFC 0
0 162ms
111ms Document
text/html 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:42 GMT
content-type: text/html
set-cookie: __cfduid=d000c8d6e141e0df17ef94f749e3d08a41583846682; expires=Thu, 09-Apr-20 13:24:42 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 571d5b855bd07227-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame F494 0
0 163ms
113ms Document
text/html 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:42 GMT
content-type: text/html
set-cookie: __cfduid=d000c8d6e141e0df17ef94f749e3d08a41583846682; expires=Thu, 09-Apr-20 13:24:42 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 571d5b856bd37227-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2

200

pd
eu-u.openx.net/w/1.0/ Frame A2E8
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

0
0

20ms
19ms

Document
text/html

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682; Version=1; Expires=Wed, 10-Mar-2021 13:24:42 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1583846682|mOsLgqgikin0fcmWiygu; Version=1; Expires=Wed, 25-Mar-2020 13:24:42 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 10 Mar 2020 13:24:42 GMT
content-type: text/html
content-length: 483
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=e145f8da-7ce5-026d-32ee-4413a974b2f3|1583846682; Version=1; Expires=Wed, 10-Mar-2021 13:24:42 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date: Tue, 10 Mar 2020 13:24:42 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

200

pd
eu-u.openx.net/w/1.0/ Frame ED11
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

0
0

20ms
20ms

Document
text/html

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682; Version=1; Expires=Wed, 10-Mar-2021 13:24:42 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1583846682|mOsLgqgikin0fcmWiygu; Version=1; Expires=Wed, 25-Mar-2020 13:24:42 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 10 Mar 2020 13:24:42 GMT
content-type: text/html
content-length: 483
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682; Version=1; Expires=Wed, 10-Mar-2021 13:24:42 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date: Tue, 10 Mar 2020 13:24:42 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

200

sync
eb2.3lift.com/ Frame 3226
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

8ms
8ms

Document
text/html

52.29.139.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.139.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-139-188.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15085952552406217884
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:44 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQle75pIwuCgoI4gEQle75pIwuCgoI5gEQle75pIwuCgkICRCV7vmkjC4KCgipARCV7vmkjC4KCQg5EJXu-aSMLgoJCDoQle75pIwuCgkICxCV7vmkjC4KCgjOARCV7vmkjC4KCQgfEJXu-aSMLg==; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15085952552406217884; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 10 Mar 2020 13:24:44 GMT
content-length: 0
set-cookie: tluid=15085952552406217884; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
eb2.3lift.com/ Frame 9D50
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

7ms
7ms

Document
text/html

52.29.139.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.139.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-139-188.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15085952552406217884
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:44 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQlO75pIwuCgoI4gEQlO75pIwuCgoI5gEQlO75pIwuCgkICRCU7vmkjC4KCgipARCU7vmkjC4KCQg5EJTu-aSMLgoJCDoQlO75pIwuCgkICxCU7vmkjC4KCgjOARCU7vmkjC4KCQgfEJTu-aSMLg==; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15085952552406217884; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 10 Mar 2020 13:24:44 GMT
content-length: 0
set-cookie: tluid=6437542799928050262; Max-Age=7776000; Expires=Mon, 8 Jun 2020 13:24:44 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 7838 0
0 71ms
13ms Document
text/html 95.100.196.237
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.237 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-237.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 10 Mar 2021 13:24:42 GMT
Date: Tue, 10 Mar 2020 13:24:42 GMT
Connection: keep-alive

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 4ACE 0
0 140ms
110ms Document
text/html 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
date: Tue, 10 Mar 2020 13:24:42 GMT
content-type: text/html
set-cookie: __cfduid=d000c8d6e141e0df17ef94f749e3d08a41583846682; expires=Thu, 09-Apr-20 13:24:42 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 571d5b856bd27227-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame CA7C 0
0 13ms
12ms Document
text/html 23.37.55.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 04 Mar 2020 22:48:14 GMT
Content-Encoding: gzip
Content-Length: 7617
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=37749
Expires: Tue, 10 Mar 2020 23:53:51 GMT
Date: Tue, 10 Mar 2020 13:24:42 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd
u.openx.net/w/1.0/ Frame B5FD 0
0 24ms
17ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=21acd602-d52f-08a5-001e-47dfb74668ac|1583846682; Version=1; Expires=Wed, 10-Mar-2021 13:24:42 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1583846682|mOgikimWiygu; Version=1; Expires=Wed, 25-Mar-2020 13:24:42 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 10 Mar 2020 13:24:42 GMT
content-type: text/html
content-length: 374
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame DD16 0
0 56ms
13ms Document
text/html 95.100.196.237
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.237 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-237.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 10 Mar 2021 13:24:42 GMT
Date: Tue, 10 Mar 2020 13:24:42 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame C335 0
0 69ms
16ms Document
text/html 95.100.196.237
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.237 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-237.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 10 Mar 2021 13:24:42 GMT
Date: Tue, 10 Mar 2020 13:24:42 GMT
Connection: keep-alive

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 483ms
115ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 10 Mar 2020 13:25:04 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
375 B 71ms
66ms XHR
text/javascript 99.86.0.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&pid=2qtxbnAzVVlJZ&cb=3&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-120.fra6.r.cloudfront.net
Software: Server /
Resource Hash: 1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Mar 2020 13:25:04 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: NjpLbuiJARokIpVkexl-oiSwSL1o7o7-10B0ZCob66x47gsTOKbcGA==

POST auction
prebid.pub.network/openrtb2/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST
H/1.1 404
Not Found 24
web.hb.ad.cpe.dotomi.com/s2s/header/ 0
0 18ms
18ms XHR
text/plain 2a02:fa8:8806:12::1430
VALUECLICK

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN25751 (VALUECLICK, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 10 Mar 2020 13:25:04 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
368 B 164ms
121ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=07e8e3be-5297-4d3e-b0a4-6744e3114c8b&nocache=1583846704204&pubcid=bdba8137-8d17-42cc-a3b2-c41837b879b4&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: 1fd1f340aaf8fa5c0b93ea65cee2252156aabbaa7ecac97f7797707b69c2429e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205

0
-1 B

140ms
101ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205

0
-1 B

141ms
102ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205

0
-1 B

130ms
102ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
168 B 48ms
24ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 10 Mar 2020 13:25:04 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 571d5c0d8aba7227-AMS
access-control-allow-headers: origin, content-type

GET cygnus
as-sec.casalemedia.com/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
333 B 45ms
28ms XHR
application/json 3.122.6.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.6.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
x-auction-status: 12, 12, 12, 12
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 204 v1
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 1055ms
10ms XHR
text/plain 52.29.78.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=185d9ca09d360be9&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.78.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 10 Mar 2020 13:25:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 1056ms
10ms XHR
text/plain 52.29.78.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=186baae63381d795&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.78.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-78-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 10 Mar 2020 13:25:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 464ms
186ms XHR
application/json 69.173.144.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=07e8e3be-5297-4d3e-b0a4-6744e3114c8b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.1896416027936061
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: cd0d8d757631ae2e5369a72ab1ab9fa908ea60fc808ef4bf9c8bdca99c7d77f0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 10 Mar 2020 13:25:04 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=154
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

302

ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1...

0
-1 B

106ms
102ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1...

0
-1 B

105ms
102ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1...

0
-1 B

106ms
102ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 945 B
1 KB 212ms
188ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A8d740afa-62d2-11ea-9cc2-12ae2f50edf6;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=190ead0cf7cd2633;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 8a858dfe2cb407ecf6eb8bcabe896da2c1d3fd894534ed484425fd8bc7fe93c0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 945 B
1 KB 195ms
171ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A8d73e39a-62d2-11ea-b851-127f7115e3c4;cfp=1;rndc=1583846703;v=2;cmd=bid;cors=yes;alias=189f9d54960a432c;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: c28da664a9de81e364ce87cbbb2cecad1ad96d9d2f06d0f39550fe2244b83780

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 945 B
1 KB 217ms
193ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A8d7440ce-62d2-11ea-8395-1200a56dfbc2;cfp=1;rndc=1583846704;v=2;cmd=bid;cors=yes;alias=191caa657b347b02;misc=1583846704205
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 418dfd9f6642652897d98f63f71caca6189095d555f1b2f31afc6b92f16c918c

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 10 Mar 2020 13:25:04 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
273 B 9ms
9ms Image
image/x-icon 216.58.206.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.6 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 10 Mar 2020 06:40:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24283
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Wed, 11 Mar 2020 06:40:22 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: files.slack.com
URL: https://files.slack.com/files-tmb/T184KGAEA-F1L3TRFD0-09e64cc8e8/pasted_image_at_2016_06_24_11_16_am_360.png

Domain: freestar-d.openx.net
URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=25fd3443-9707-41f4-9127-503fa99bf600%2C56baf9eb-625a-4e1c-8959-a113e70ab713%2C59ff95bd-52b0-4988-8d5e-679f594b972e&nocache=1583846675203&pubcid=76194afe-c44c-4fda-89a2-76a5f9c182cd&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_728x90_320x50_InContent_2&auid=540959250%2C540959250%2C540959250&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=29ae51791a6d76b&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=3082ededf10472&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=3127a018163935&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=32409795cbb465&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=33de48b172fe1e4&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tmax=1200

Domain: as-sec.casalemedia.com
URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2248edf913d32178a%22%2C%22imp%22%3A%5B%7B%22id%22%3A%224911bfcde46bd4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22500e6b8be45a57e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22519e50c3030915d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22526a2bd7efef691%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22538c76d79a81f38%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22549d49faf629131%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2255ff44dfdcf7f41%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=25fd3443-9707-41f4-9127-503fa99bf600&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.013371529306675622

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=56baf9eb-625a-4e1c-8959-a113e70ab713&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.19458492728229726

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=59ff95bd-52b0-4988-8d5e-679f594b972e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3514987729864445

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=5e4d57ac-5fe2-463b-a34a-54ad4552f278&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9696517130388005

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=ffa3714a-1797-4083-89fe-120d7e3b04dd&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.33580846582649193

Domain: prebid.pub.network
URL: https://prebid.pub.network/openrtb2/auction

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: as-sec.casalemedia.com
URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2217321ba5b583ea45%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22174e93b3654c18a4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2217555fc253afa589%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22176ca15a6eda5d7e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F618055%2Ftowerweb-ransomware-help-support-topic-payment-instructionsjpg%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	warning	URL: https://static.quantcast.mgr.consensu.org/v30/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[728,90],[970,90],[970,250]]
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[728,90],[970,90],[970,250]]
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[728,90]]
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[1,1]]
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api	info	URL: https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js(Line 407) Message: Powered by AMP ⚡ HTML – Version 2002251816300 https://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
accounts.google.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
api.quantcast.mgr.consensu.org
api.skimlinks.mgr.consensu.org
apis.google.com
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
btlr.sharethrough.com
c.amazon-adsystem.com
c.pub.network
cdn.ampproject.org
cdn.districtm.io
cluster-na.cdnjquery.com
confiant-integrations.global.ssl.fastly.net
connect.facebook.net
d.pub.network
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
files.slack.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
i.imgur.com
ib.adnxs.com
id-ransomware.malwarehunterteam.com
loadeu.exelator.com
p.skimresources.com
prebid.pub.network
quantcast.mgr.consensu.org
r.skimresources.com
s.skimresources.com
securepubads.g.doubleclick.net
static.quantcast.mgr.consensu.org
sync.crwdcntrl.net
t.skimresources.com
tlx.3lift.com
tpc.googlesyndication.com
u.openx.net
vendorlist.consensu.org
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.skimresources.com
as-sec.casalemedia.com
btlr.sharethrough.com
dmx.districtm.io
fastlane.rubiconproject.com
files.slack.com
freestar-d.openx.net
ib.adnxs.com
prebid.pub.network
tlx.3lift.com
104.16.190.66
104.20.59.209
104.26.12.6
13.224.194.70
13.225.87.85
143.204.202.95
147.75.102.200
151.101.113.194
151.101.12.193
151.139.128.10
152.199.22.24
172.217.22.98
212.71.236.117
216.58.206.6
23.210.249.164
23.37.55.184
2600:9000:214f:1c00:9:46dc:4700:93a1
2600:9000:214f:3600:9:46dc:4700:93a1
2600:9000:214f:7600:1:af78:4c0:93a1
2606:4700:20::681a:8b
2606:4700:3034::6812:3213
2a00:1450:4001:800::2008
2a00:1450:4001:808::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:814::2003
2a00:1450:4001:815::2002
2a00:1450:4001:817::200d
2a00:1450:4001:81a::2001
2a00:1450:4001:81b::2001
2a00:1450:4001:81b::2002
2a00:1450:4001:81d::200e
2a00:1450:4001:81e::2004
2a02:fa8:8806:12::1430
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.122.6.57
34.95.120.147
35.188.71.214
35.190.40.172
35.190.59.101
35.201.67.47
35.226.134.247
35.226.36.58
37.252.172.250
52.19.221.77
52.29.139.188
52.29.78.64
52.7.20.116
54.77.173.141
69.173.144.142
95.100.196.237
99.86.0.120
99.86.3.24
008afce66ba151b65a16874b0f5bc315cd16affd070a2f531570f47395933cad
00a30ea925e1a7fdcb597a0c8fe4320e4a897495f6c24ad89bacfb9772d2d7e8
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
089157c2840cc89f33cf3162012e2a765b2000bbafe32d974ccabcf490dcc078
0b5a35aa59af15012b03c44769087fb85282ed12e3c417030d78f95f61697b53
0bc2ee096d68f1de3dfd74d23e4a3d1550001d5a459a537e276b5bdf6f011893
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0f02acb9b7ef562df455eb48cbca2448e5566ca80d7614f286201277eac15a1b
0f1e90548e911e24dedcb2ca0ffee6847a49a8648e9c615bcd0582bb7c7993fd
105a8b13dca7d3dcc57c0529782d9072125dfab34ed2790048e2d2b3c7a847d2
114af008615fbe18f9cc0dfd36ebafd202e12eda91137d48d8a2cab529274d9f
1528c78029c9c65395015049d976e1caedb8b2275db0ffe30a390fd9f6f3ffd1
156a7acc2af4a58325b2e9d0cff93e32770894b5aafb8a9b800a8ab6d103802f
18d824646c1147f2687333fa22e37718e5c666d078eb27ffffa017f59415cac5
1a1ddff3b1e1b386b391069df14518a9eb20afa5868d14b46ff2c8231b79a464
1a78f7bf63f851cbab54a7f7e9ccb76b53ef79834c33cd242aa98d16d228e855
1b051fe6c216eda7bea3523392f0b1c4fc59f141b7e79657e814e8f47fb706f9
1b757ba7877f83ff540eedf0e68cc60f0efbc678f7ea239d484abc985ccd11c7
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1fd1f340aaf8fa5c0b93ea65cee2252156aabbaa7ecac97f7797707b69c2429e
20adf0ad0be32adf4f84ebff8f087c203f8ce67de88b99de1bef8b38d70fdbd0
23b58af4dd0dbb29190f05fd5ca2aa9949a2ba1b805792546ce2c684eb2c257f
23c15538fb760b6e76ad2f5d0450a393054ca27d4b220c4cf90cbdfdd380ab68
24b45790f58b5d8c376ea8320617b5defa1c88576b7b8df5abf1337a758adba3
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2ef0229dbf3b245afa2fbd209ce7dba56323bcafc380f4ba46b112519bc94641
311b90855c9f23f4f7531137aa339d941b81af0409120d0281a535f0d2920d49
34421bd2874043365b7e61f15cd5abc07c583de7f1ce3976fedab903344f3b9e
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
362af301fc7ee9134ee3f38d680d1702e05ed672fcbc0160b87723bea8848ebf
37e1471c5d3f6fdd60866ae98de36f45c76d810fe1eccf66bda6ad9f603d3667
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3e3b8f6c06d2d74cc294ee6439e67b08890587be0081249a158469ace2eaeaaf
3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0
40af293c9cbabf1f038c524c4270a81353bba3a28854475d9002ce14a2f9abc7
418dfd9f6642652897d98f63f71caca6189095d555f1b2f31afc6b92f16c918c
424b5f41dcbc693d32ca73f0e2b1daa5cf5524bc2220865c15b81f032bf3052d
48100a7efdd07d27ede8e151c39cad2a2b55853d038c25fc2a846316ea0184ef
4890c1ca2cba2528c78c4c92159275532b399bb86c8d2faab98aa771097603d9
4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8
4ba015ac8f2373079467ab61dc568cc09f592d0eacb11e97647afbbc89d17d5e
4c0da6452d49460747dfb66e407c09e8b68032777f0760b5c3ac259b1697535a
4de5776fcf3ab6c04b22aa9ec6d0f774ef1a80e393311859732862de1e6db45f
50ec0dfe51bd77eee427ce38cc90ef3564afea1a2e1148dc788c2d89b7fa4fb9
51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21
563777fc54d07e48cbea78dd97911bdd12a62d1888d12fe4dfeaaa9b3563d676
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5b040cd620ed6482975472e60c4e67309a9375395a53aa7cba72489b76d61545
5b7882a2e10a3c1ae3b2b4f22f5cd32a2987ba66ae409e1460a546dd214949f7
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5fd23dfb8a76c05655a51c79b2b2a8f11ae81686008564c197a3c06a42f54eec
61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e
61e225f0d67c03cc5a2cdfa2f63e971048d0201711c3cda27c4d4ea0f9f65176
623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031
669641985eb1bb7b0e71762f8e734ae2d1832b6976a97f099218d714da1f214e
68a6c91fc7525fa5e2d4186dcb795dfc9fd83b756e76fc64bd002de2c1fb47e9
6e0533d6585c026d1f72a040b902b67d76994eafa3593049d16ee319e9ec9be8
72e694bc607a4782b9bd80625eeadb8bf966ced107ccdcdee0fa97215fb5fbfa
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
770cb6f8747e90dad261e049dfa5cf42e622dac61bcbc86ecb0a8c134228eb91
7768bf1a2bcbe82260f1aa7ab5650e50c1b53ddf2fdff88beedbaa7064b646c8
7c7b602cdbc698beb37421e105d80875a420901cb423183e52af8d1a92f4df85
7c94c428628502f48cc5c48da86ea162f170022b758d9e31bf926be1b2a8e145
7cc36f47b70988855c5cde9579581871e9dc92a285a8b1ba4602a89c915c902c
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7f5d0b00b62a793eb7bfca5810c7602990460c37cfedcb41b73d6877425fcbeb
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8347a92981a0fdc73af9e2536f688b1a14e6ebea3b4ee5df22e6654bb5e8ca6c
84eef5f28daaf0fbd14fa4dc0c7253da3ce4635546be59f624cfefe8d3876b01
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a858dfe2cb407ecf6eb8bcabe896da2c1d3fd894534ed484425fd8bc7fe93c0
8cebbfa1487e3dc67737bb93e04d96fef483b4b69cd67707d0cb4817e09a4335
8dc18b02d36e6a4a5d34aac33829bb62b8b4b245046817bff60e931cb5bb5351
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
914053e444ff358317ec2778690f8dfff7c41eeb985a6b3ee2906280bbc4b61a
9158290895e962ac081ae5856cf1c361811b63e1dadf7a6b09fa2f3abbd6ecb5
91772941c245b12f8fcb8447413a0d7ceb9864bf67147894775ea9062c59f82a
92597d72536ce2725db3f04c7ad34252f8d4037ae0a61cdec08f93a0c2db05f2
95c0333dd73fb0f203f25e7c2e10392854890710894b6fb25be1073281e82447
9653ee7a341959e18ad389173433c497aa99da6b89b331df8098ad0aff337a53
967e2ca4f6acdd30fe8199d905a42f91e578494c5ae014f79d8cae4423219edc
989292fb8b721c7ade9e3bcc21c69abafb01164bf48594d534766b33a65c262a
9a7e49fb41c1175f9d4e394b6fe993af1b657150e53115b86b7e410a4aad4985
a18f13b0d5cc7a3e3fe3d37df2e30414273a139264e98576e89704d5eed0b42f
a292c3af49568a498020caab16b2010f8dfad4ac19649094f6d9c85a206f9cd5
a51f645170637f10f3eba218020318af3fff3ad8e7087db87ef607896f19a940
a55c6652514d6e2ebc88198444ac6b199e6ad119d0d009eea0a52e87cd7b39df
a915aab28857afeac49311ceff852888da1623eb0f589d7f43fbfbfbceb562e9
ab1a12c0da652f8e525d21b28ca7c45b5ea34e787b561120cd8564089faf2a96
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce
acf017c83891b3d82185eedcfd8ef7fd3c5831873e922ab70c4afdbb81700902
affa28efb0c6bb6f9bb296d2e171e38589f3534b5d39081577bbc0eb2cd7a0cc
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e
b7e006e234a1354aaaae967f50542e5a501782ca3484228034631baf1d0ea5af
b937537ed7f13e70dc6a69b6e9b308237cd369e11fa2a2b97a24d97d8487673e
bdab5a45cd656121670184c9dfb1375f4c34f0345ff3232c7ab1d4c4ff6e4ade
bdc67f45d9375221d2499f28911da776baab1d69a96d55d970eb35fdaf89ec0f
bf50c94253085740a5cce42e9c14f7b897cfc384303b38a5d9d7a0ab8ea5160f
bfd753d445592a633d4e3b8f74fe6e4ca85ab95a1f0b2fc00f11afeaaeed8194
c15838b5859b98b4025d142f783a04dfdae8a022b27fb4ba1507cfcf974154f6
c28da664a9de81e364ce87cbbb2cecad1ad96d9d2f06d0f39550fe2244b83780
c2a0ed3ea5aebdf80781e96b0e677656f9db72ea592b679299953852fef84b02
c2e37b734b7cce909146a2ecd78ce22530889543fd5a5ccbc0b0e1e0b64918e9
c492e255fdd7f2a487b843235d2018d92a3e041c2d2b84bb3194c1f458fbb82b
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
cbd8236978dd3f165bc49566f78c460e3937e552df38787439c1ef2797c4c709
cd0d8d757631ae2e5369a72ab1ab9fa908ea60fc808ef4bf9c8bdca99c7d77f0
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d11e31e4a1d2b7528c066ca3c849a95e53a53538440a5d72c18bf9f9ee84ce9e
d2ccd5167c702b43d4c6dfc47eb2503d3717ca59de8380628c01b646583564a5
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a
d7226a9daa2c231b51ec386d79df4ee4ffee5ccfdab966abd422099a6dda2f88
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9ab824c641d5401c81687dd4fd92dae14cd85469638c50aa145071d677fcf47
dc12329cf188cb16c368ca0141cc8d679269823585519f691327d7341434ec14
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de1f8951b7801ad3b6d686af593fafd83d936526937260986932d8eaacdb2d0e
dffd83700dd74d4524da45259085e0a134e06e87b4fe5b7fdf77134269da81ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57c9bc67a827ad246d31b9e24e71d6574e54c00e06e875a8aa83063fe50692d
e6f53994bd0a6283fdf4da164ad798f20405f97f93d533091fc34bbe69a3c57f
ea99b0d7d706f0144a121af332e2efaae3a1fa76a4a3dbdbec7faa2b0177a2b0
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ebbdc09f56e8b9cba9117f0d84b4903fdc89508496a9b5d5b8d6bf59ff13ebbf
ec648607e22402b8353e33b24cdb5d1a46135ef58690d2ce89c730f558688144
ee469e3d281e77f7dcc2655ff8d187907f2240c76a03bf868e7dcfd67f08d880
ef879b83b39fe97ac9e83cc9329bf03ec9199fe7433b1ae62d311ef1dac86cbc
ef93d62164d28127d061351037227f796318d689fa5002386ab8b21358a3046c
f05e5537bc91bd6026cd2ee7a4ce48d5141ba791f68f1ce1264283c8af6c3aeb
f34544ddb27241b3eccb8e06d7447230005e8718b463a30d9dd83d1e8bada1a1
f7cc37747a8501579139a8046b73b731490a0586435eff0e4ec37649cf72ce24
f8e0160637dd3bafc200fd7e36eec35ce15e00f7b353a09103c2cb5eced1accd
f911bdd7b17d93b0528cbd2ece126cc99e61bc25addfb75e3d2ff4a69e115c9d
fa49c5c1e0e248fa3aa6c1ab18ac61115ec6dc336c20dbfb01167af57f48730c
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
ff8d4b73a8346b4a1ebfea06de87f3e0abe4bdd93c3713fb912fa9820019a60f
ffc4b0a5424e7a6e6052f2c196c69bc836649096cb66e9f725b76ec0ab235cc4
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc

www.bleepingcomputer.com Open in urlscan Pro 104.20.59.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

241 Requests

90 %HTTPS

36 %IPv6

37 Domains

60 Subdomains

50 IPs

8 Countries

2006 kBTransfer

4964 kBSize

0 Cookies

7 Outgoing links

Redirected requests

241 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Screenshot
Live screenshot

Full Image

241
Requests

90 %
HTTPS

36 %
IPv6

37
Domains

60
Subdomains

50
IPs

8
Countries

2006 kB
Transfer

4964 kB
Size

0
Cookies

241 HTTP transactions
2 data transactions