www.reuters.com Open in urlscan Pro
143.204.201.68 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://reut.rs/3jXvpRY
Effective URL:
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-crimi...
Submission: On July 31 via manual (July 31st 2020, 5:39:53 pm UTC) from IN

Summary HTTP 234 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 69 IPs in 10 countries across 53 domains to perform 234 HTTP transactions. The main IP is 143.204.201.68, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.reuters.com.
TLS certificate: Issued by Amazon on March 4th 2020. Valid for: a year.

This is the only time www.reuters.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.13 67.199.248.13	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
7	143.204.201.68 143.204.201.68	16509 (AMAZON-02) (AMAZON-02)
7	13.35.254.2 13.35.254.2	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:a800:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:8400:1e:ef1b:aa40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE)
7	23.66.28.46 23.66.28.46	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2406:da00:ff0... 2406:da00:ff00::36e1:c929	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.201.119 143.204.201.119	16509 (AMAZON-02) (AMAZON-02)
1	99.86.0.85 99.86.0.85	16509 (AMAZON-02) (AMAZON-02)
1	104.18.22.230 104.18.22.230	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.35.254.59 13.35.254.59	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:1b:... 2a04:4e42:1b::714	54113 (FASTLY) (FASTLY)
1	2606:4700:20:... 2606:4700:20::681a:274	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:b7b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	104.18.23.230 104.18.23.230	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6811:b9b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:374	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:205... 2600:9000:2057:be00:10:27b4:f500:93a1	16509 (AMAZON-02) (AMAZON-02)
3	34.193.24.72 34.193.24.72	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:624... 2600:1f18:624f:b001:d0e0:37be:96ba:aebb	14618 (AMAZON-AES) (AMAZON-AES)
5	23.210.250.97 23.210.250.97	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:205... 2600:9000:2057:da00:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	23.37.53.17 23.37.53.17	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.201.93.216 35.201.93.216	15169 (GOOGLE) (GOOGLE)
1	66.81.204.228 66.81.204.228	40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC)
2	23.62.140.165 23.62.140.165	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.229.146.249 3.229.146.249	14618 (AMAZON-AES) (AMAZON-AES)
11	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
8	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
8	34.240.178.152 34.240.178.152	16509 (AMAZON-02) (AMAZON-02)
2	35.164.248.150 35.164.248.150	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
8	13.35.254.19 13.35.254.19	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:819::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:1600:18:1fcd:34e:d2a1	16509 (AMAZON-02) (AMAZON-02)
1	143.204.201.40 143.204.201.40	16509 (AMAZON-02) (AMAZON-02)
1	54.84.196.220 54.84.196.220	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:205... 2600:9000:2057:7200:5:9a4c:9b00:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:814::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE)
5	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
10	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
2	143.204.201.10 143.204.201.10	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE)
1 7	151.101.114.137 151.101.114.137	54113 (FASTLY) (FASTLY)
10	37.157.2.249 37.157.2.249	198622 (ADFORM) (ADFORM)
2	52.215.228.190 52.215.228.190	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:21f... 2600:9000:21f3:f400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	18.191.59.223 18.191.59.223	16509 (AMAZON-02) (AMAZON-02)
15	104.244.39.20 104.244.39.20	7415 (ADSAFE-1) (ADSAFE-1)
1	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
1 1	80.74.154.241 80.74.154.241	21069 (ASN-METAN...) (ASN-METANET Routing/peering issues: noc@metanet.ch)
1	46.231.207.181 46.231.207.181	21069 (ASN-METAN...) (ASN-METANET Routing/peering issues: noc@metanet.ch)
1	13.35.255.55 13.35.255.55	16509 (AMAZON-02) (AMAZON-02)
2	52.30.152.201 52.30.152.201	16509 (AMAZON-02) (AMAZON-02)
2	69.173.144.158 69.173.144.158	26667 (RUBICONPR...) (RUBICONPROJECT)
1	209.15.45.172 209.15.45.172	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	64.4.253.237 64.4.253.237	11643 (EBAY) (EBAY)
1	2.18.234.107 2.18.234.107	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:6c0... 2a02:26f0:6c00:298::1ec4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	8.43.72.44 8.43.72.44	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
6	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
2 2	52.51.244.26 52.51.244.26	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.135.181 185.29.135.181	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	18.158.113.188 18.158.113.188	16509 (AMAZON-02) (AMAZON-02)
234	69

1 67.199.248.13 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: cname.bitly.com

reut.rs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 143.204.201.68 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-68.fra53.r.cloudfront.net

www.reuters.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.35.254.2 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-2.fra6.r.cloudfront.net

static.reuters.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s3.reutersmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s4.reutersmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:a800:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:8400:1e:ef1b:aa40:93a1 (United States)

ASN16509 (AMAZON-02, US)

queso-cdn.prod.reuters.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.66.28.46 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-66-28-46.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:da00:ff00::36e1:c929 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

usasync01.admantx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.119 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-119.fra53.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.0.85 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-0-85.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.22.230 (United States)

ASN13335 (CLOUDFLARENET, US)

www.dianomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.254.59 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-59.fra6.r.cloudfront.net

s3.reutersmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::714 (Ascension Island)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:274 (United States)

ASN13335 (CLOUDFLARENET, US)

tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b7b1 (United States)

ASN13335 (CLOUDFLARENET, US)

experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.23.230 (United States)

ASN13335 (CLOUDFLARENET, US)

www.dianomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:b9b1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:374 (United States)

ASN13335 (CLOUDFLARENET, US)

tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beacon.tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:be00:10:27b4:f500:93a1 (United States)

ASN16509 (AMAZON-02, US)

iabmap.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.193.24.72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-24-72.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:624f:b001:d0e0:37be:96ba:aebb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

sope.prod.reuters.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.250.97 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-97.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:da00:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.53.17 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-53-17.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.93.216 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 216.93.201.35.bc.googleusercontent.com

gwiqcdn.globalwebindex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.81.204.228 (Virgin Islands (British))

ASN40034 (CONFLUENCE-NETWORK-INC, VG)

s.mnet-ad.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.62.140.165 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-140-165.deploy.static.akamaitechnologies.com

cdneu-xch.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.229.146.249 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-146-249.compute-1.amazonaws.com

evidon.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.240.178.152 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.164.248.150 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-164-248-150.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.35.254.19 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-19.fra6.r.cloudfront.net

static.reuters.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s3.reutersmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c9aba862264c892257260ec23d030375.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:819::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:1600:18:1fcd:34e:d2a1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.40 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-40.fra53.r.cloudfront.net

get.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.84.196.220 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-196-220.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:7200:5:9a4c:9b00:93a1 (United States)

ASN16509 (AMAZON-02, US)

beacon.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:814::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.5.142 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
reutersdfpcw319687550988.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.10 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-10.fra53.r.cloudfront.net

dfp-gateway.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.114.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.228.190 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-228-190.eu-west-1.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21f3:f400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.191.59.223 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-191-59-223.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.244.39.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: amidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.74.154.241 (Switzerland) 1 redirects

ASN21069 (ASN-METANET Routing/peering issues: noc@metanet.ch, CH)

balancer.sitebarad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.231.207.181 (Bellach, Switzerland)

ASN21069 (ASN-METANET Routing/peering issues: noc@metanet.ch, CH)
PTR: rc17w3108.dnh.net

pipe03.sitebarad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.255.55 (Seattle, United States)

ASN16509 (AMAZON-02, US)

v.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.152.201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-152-201.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.158 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

beacon-nf.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.15.45.172 (Jacksonville, United States)

ASN13768 (COGECO-PEER1, CA)

use-tor.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.4.253.237 (United States) 1 redirects

ASN11643 (EBAY, US)

rover.ebay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.107 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-107.deploy.static.akamaitechnologies.com

secureir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:298::1ec4 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

secure.insightexpressai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.44 (United States)

ASN26667 (RUBICONPROJECT, US)

beacon-us-iad2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.49 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

rtd.tubemogul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

rtd-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.244.26 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.181 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.113.188 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	adsafeprotected.com cdn.adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	193 KB
22	googlesyndication.com c9aba862264c892257260ec23d030375.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	71 KB
18	reuters.com www.reuters.com static.reuters.com	923 KB
15	adform.net track.adform.net s1.adform.net	191 KB
13	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com vid.connatix.com img.connatix.com	241 KB
11	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	112 KB
11	dianomi.com www.dianomi.com	19 KB
10	ampproject.org cdn.ampproject.org	216 KB
9	rubiconproject.com beacon-nf.rubiconproject.com beacon-us-iad2.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	2 KB
8	moatpixel.com reutersdfpcw319687550988.s.moatpixel.com	2 KB
8	evidon.com c.evidon.com iabmap.evidon.com	42 KB
7	media.net contextual.media.net cdneu-xch.media.net	193 KB
7	google-analytics.com www.google-analytics.com	93 KB
5	reutersmedia.net s3.reutersmedia.net s4.reutersmedia.net	87 KB
4	adsrvr.org v.adsrvr.org insight.adsrvr.org use-tor.adsrvr.org	1 KB
4	gstatic.com fonts.gstatic.com	44 KB
4	moatads.com z.moatads.com geo.moatads.com	207 KB
4	s-onetag.com get.s-onetag.com beacon.s-onetag.com dfp-gateway.s-onetag.com	50 KB
4	google.com 2 redirects adservice.google.com www.google.com	1 KB
4	googletagservices.com www.googletagservices.com	99 KB
3	googleapis.com fonts.googleapis.com	3 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
3	betrad.com l.betrad.com	360 B
3	tinypass.com experience.tinypass.com cdn.tinypass.com	124 KB
3	tru.am tru.am beacon.tru.am	14 KB
3	chartbeat.com static.chartbeat.com mab.chartbeat.com	32 KB
2	tidaltv.com 2 redirects sync.tidaltv.com	1022 B
2	everesttech.net 2 redirects rtd-tm.everesttech.net	669 B
2	sitebarad.com 1 redirects balancer.sitebarad.com pipe03.sitebarad.com	945 KB
2	facebook.com www.facebook.com	371 B
2	segment.io api.segment.io	282 B
2	google.de adservice.google.de www.google.de	1 KB
2	consensu.org vendorlist.consensu.org evidon.mgr.consensu.org	19 KB
2	facebook.net connect.facebook.net	166 KB
2	reuters.tv queso-cdn.prod.reuters.tv sope.prod.reuters.tv	26 KB
1	w55c.net 1 redirects i.w55c.net	671 B
1	mathtag.com 1 redirects sync.mathtag.com	610 B
1	tubemogul.com 1 redirects rtd.tubemogul.com	288 B
1	insightexpressai.com secure.insightexpressai.com	2 KB
1	ebaystatic.com secureir.ebaystatic.com	454 B
1	ebay.com 1 redirects rover.ebay.com	779 B
1	2mdn.net s0.2mdn.net	48 KB
1	chartbeat.net ping.chartbeat.net	168 B
1	mnet-ad.net s.mnet-ad.net	356 B
1	globalwebindex.net gwiqcdn.globalwebindex.net	6 KB
1	cloudflare.com cdnjs.cloudflare.com	2 KB
1	segment.com cdn.segment.com	96 KB
1	admantx.com usasync01.admantx.com	663 B
1	ytimg.com s.ytimg.com	32 KB
1	youtube.com www.youtube.com	1 KB
1	googletagmanager.com www.googletagmanager.com	87 KB
1	reut.rs 1 redirects reut.rs	321 B
0	jquery.com Failed code.jquery.com Failed
234	53

	Domain	Requested by
17	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.reuters.com cdn.ampproject.org tpc.googlesyndication.com
15	dt.adsafeprotected.com
11	www.dianomi.com	static.reuters.com www.dianomi.com www.reuters.com
11	static.reuters.com	www.reuters.com
10	s1.adform.net	track.adform.net s1.adform.net www.reuters.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
8	reutersdfpcw319687550988.s.moatpixel.com
8	pixel.adsafeprotected.com	cdn.adsafeprotected.com www.reuters.com
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.reuters.com
7	c.evidon.com	static.reuters.com c.evidon.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com cdn.segment.com www.reuters.com
7	www.reuters.com	static.reuters.com www.googletagmanager.com c.evidon.com
6	capi.connatix.com	cds.connatix.com
5	pixel.rubiconproject.com
5	track.adform.net	securepubads.g.doubleclick.net s1.adform.net
5	contextual.media.net	static.reuters.com contextual.media.net www.reuters.com
4	static.adsafeprotected.com	pixel.adsafeprotected.com www.reuters.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
4	fonts.gstatic.com	securepubads.g.doubleclick.net cdn.ampproject.org
4	www.googletagservices.com	contextual.media.net securepubads.g.doubleclick.net
4	s3.reutersmedia.net	www.reuters.com
3	cds.connatix.com	www.reuters.com cds.connatix.com
3	fonts.googleapis.com	securepubads.g.doubleclick.net
3	www.google.com	2 redirects www.reuters.com
3	sb.scorecardresearch.com	1 redirects www.reuters.com
3	l.betrad.com	www.reuters.com
2	sync.tidaltv.com	2 redirects
2	rtd-tm.everesttech.net	2 redirects
2	beacon-nf.rubiconproject.com
2	insight.adsrvr.org
2	img.connatix.com
2	geo.moatads.com	z.moatads.com
2	dfp-gateway.s-onetag.com	get.s-onetag.com
2	z.moatads.com	securepubads.g.doubleclick.net
2	www.facebook.com	www.reuters.com connect.facebook.net
2	api.segment.io	cdn.segment.com
2	cdneu-xch.media.net	www.reuters.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	experience.tinypass.com	www.reuters.com cdn.tinypass.com
2	tru.am	www.googletagmanager.com tru.am
2	static.chartbeat.com	www.reuters.com
1	token.rubiconproject.com
1	i.w55c.net	1 redirects
1	sync.mathtag.com	1 redirects
1	rtd.tubemogul.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	beacon-us-iad2.rubiconproject.com
1	secure.insightexpressai.com
1	secureir.ebaystatic.com
1	rover.ebay.com	1 redirects
1	use-tor.adsrvr.org
1	v.adsrvr.org
1	vid.connatix.com	cds.connatix.com
1	pipe03.sitebarad.com	www.reuters.com
1	balancer.sitebarad.com	1 redirects
1	s0.2mdn.net	s1.adform.net
1	googleads.g.doubleclick.net
1	cd.connatix.com	1 redirects
1	beacon.s-onetag.com	get.s-onetag.com
1	ping.chartbeat.net
1	get.s-onetag.com	www.googletagmanager.com
1	c9aba862264c892257260ec23d030375.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.google.de	www.reuters.com
1	stats.g.doubleclick.net	1 redirects
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	evidon.mgr.consensu.org	c.evidon.com
1	s.mnet-ad.net	www.reuters.com
1	gwiqcdn.globalwebindex.net	www.reuters.com
1	vendorlist.consensu.org	c.evidon.com
1	beacon.tru.am	tru.am
1	cdnjs.cloudflare.com	www.dianomi.com
1	sope.prod.reuters.tv	static.reuters.com
1	iabmap.evidon.com	c.evidon.com
1	cdn.tinypass.com	experience.tinypass.com
1	mab.chartbeat.com	static.chartbeat.com
1	cdn.segment.com	www.reuters.com
1	cdn.adsafeprotected.com	static.reuters.com
1	usasync01.admantx.com	static.reuters.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	www.reuters.com
1	s4.reutersmedia.net	www.reuters.com
1	www.googletagmanager.com	www.reuters.com
1	queso-cdn.prod.reuters.tv	www.reuters.com
1	reut.rs	1 redirects
0	code.jquery.com Failed	www.reuters.com
234	86

This site contains links to these domains. Also see Links.

Domain
www.refinitiv.com
www.thomsonreuters.com
www.reutersagency.com
risk.thomsonreuters.com
blogs.thomsonreuters.com
innovation.thomsonreuters.com
reuters.zendesk.com
www.twitter.com
www.facebook.com
thomsonreuters.com
newslink.reuters.com
sales.reuters.com
info.evidon.com
twitter.com
www.youtube.com
instagram.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.reuters.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
static.reuters.com Amazon	`2019-11-25` - `2020-12-25`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2020-06-01` - `2021-06-02`	a year	crt.sh
*.prod.reuters.tv Amazon	`2019-12-31` - `2021-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.evidon.com DigiCert Secure Site ECC CA-1	`2020-04-29` - `2021-07-29`	a year	crt.sh
*.admantx.com SSL.com RSA SSL subCA	`2019-03-29` - `2021-06-25`	2 years	crt.sh
*.adsafeprotected.com COMODO RSA Domain Validation Secure Server CA	`2018-08-20` - `2020-09-17`	2 years	crt.sh
*.segment.com DigiCert SHA2 Secure Server CA	`2020-06-12` - `2021-07-27`	a year	crt.sh
dianomi.com Cloudflare Inc ECC CA-3	`2020-07-02` - `2021-07-02`	a year	crt.sh
f6.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-06-13` - `2021-04-24`	10 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-20` - `2021-07-20`	a year	crt.sh
ssl802628.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-05-20` - `2020-11-26`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
l.betrad.com Go Daddy Secure Certificate Authority - G2	`2019-04-25` - `2021-06-24`	2 years	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
cloudflare.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.globalwebindex.net RapidSSL RSA CA 2018	`2017-12-13` - `2020-12-19`	3 years	crt.sh
*.mnet-ad.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-06` - `2021-04-14`	a year	crt.sh
evidon.mgr.consensu.org Amazon	`2020-07-25` - `2021-08-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-03-14` - `2021-04-14`	a year	crt.sh
www.google.de GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.s-onetag.com Amazon	`2020-03-03` - `2021-04-03`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2019-12-16` - `2020-12-30`	a year	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2019-09-05` - `2020-10-19`	a year	crt.sh
*.moatads.com DigiCert SHA2 Secure Server CA	`2019-03-12` - `2021-06-10`	2 years	crt.sh
static.adsafeprotected.com Amazon	`2019-11-01` - `2020-12-01`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
pipe03.appenzell.net Let's Encrypt Authority X3	`2020-07-01` - `2020-09-29`	3 months	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
www.ebay.com DigiCert SHA2 Secure Server CA	`2020-05-28` - `2021-05-29`	a year	crt.sh
*.insightexpressai.com DigiCert SHA2 Secure Server CA	`2020-03-16` - `2021-06-15`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Frame ID: 3022A48073D8540CD319D7CAB69BC1E4
Requests: 138 HTTP requests in this frame

Frame: https://www.dianomi.com/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Frame ID: 15F60DC2526102DCD7719D524B307430
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/recirculation.epl?id=98&cf=545.4.Reuters%20Feed
Frame ID: 7E5817DBBAAD5DE0E453D41D709D70CB
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
Frame ID: 8BDC58F7375D0EBC117312D671108978
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=506&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: AD35323A35562EDCAB37C5884745A7C0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Frame ID: 0C686A53B6144C971BB5411AFC68952F
Requests: 22 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstVrw2ZHXqu6SUfCuK41i6vdT7eaKFPyZoNNY7UqooKNLRR28VT7VNMJyNVyv5V6dJ_NZ2d-afXkxeBCtJL7lFuYrJ9-xTo1z3o2ncuInitTwkxXYN2rVzPMrJtRggz4QkUeb1Fdji-P8YfWKOqVHmVfq6lmmmPG3hu0qkg8tvCjxDMlUFQfeAKmRQcgNbuuH8DDSMUSnkOJfvyMYNYoplvOUyeSlH4CEwkM4gqgb2TD3j4V-BQFCYESjNSozomeDE4dM0gZblnlndujOPighP2mFKLAtgvTntr9VjHje74qvgC&sai=AMfl-YSiG9jChhYzEKZjl67nZoiDrKYvzBMm2JvaT3b4vTrox7hVjBKQzO2gpHP56F2tOX7W54BneoQ8Qgc_98aQRPxJMvahMye48NcHMdG7YEGyfaQMvjGra72O8-uA7i8&sig=Cg0ArKJSzINJa6Qu3fB2EAE&urlfix=1&adurl=
Frame ID: BAAEE983F828B2581CBE9228F1CBF3C2
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSpP03u1ktSQEap7Ji2KfSusSV-zWyYI71qLoTF0K8ziSYi75bJ1eywmhwIhfqj9E3tyRkAL394vY6FlqbVaThmwPOJi7tzo2xVqKtrj55Exc3A2neB09yiJHJF7-3N4L_ikxV54cfKnosDYodK6U3qJzty_PharsMeAvWg0cXtutLYNCdNpavc06tPaCtKtSWlLATaPq_4Xl4QRVojPyydeBrWB03wCr6uhIxO7iSkbHX3p4tweZvFcicV1GyFMZOsgxdqzyULYSj_ZeoqkeYO1-ZxVeQPuH26az8Klg&sai=AMfl-YQAI8vnQFzChOHtDu81tRrkIbJ1UG4Hxv-Sv548WadFvZIGU77LhNjQS_oNgIwUD4OXaoxGr01gXeO-wBC1xzvlcrC6jWQX7Smbw_ElE3YVctZ6fvyPRGTCKfHashs&sig=Cg0ArKJSzMVwZod7aPehEAE&urlfix=1&adurl=
Frame ID: F3BA48F619CB02F74D2470E935CF0803
Requests: 25 HTTP requests in this frame

Frame: https://cds.connatix.com/p/40500/connatix.player.dc.js
Frame ID: BCB99B7F263E8C9AD05347B883229C4E
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js
Frame ID: 7A3FB49AAF0E178CAED6A4DE08581324
Requests: 17 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=904124793&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Frame ID: 6545ADFAF3B4C9BDF67D99D2009C9F0F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 9545CA5235A4AC9FA492359C30C97440
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=10764&campId=970x250&pubId=4822186048&chanId=247866432&placementId=5400724061&pubCreative=138315302645&pubOrder=2708662048&cb=447709976&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=cfcea029-d354-11ea-8e39-02bf2b86cc68
Frame ID: 8988A16A0F4BAC852A6DD58BFF519860
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 7D7DB556E0206112E770D5B33234BE89
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 37DA8380D3CC3EC2757FF088BF0A7DD7
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/6268/8259383/8259383.js?ADFassetID=8259383&bv=513
Frame ID: D5A07670F7445AC5BFD90D89EAFBF39A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://reut.rs/3jXvpRY HTTP 301
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-r... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Page Statistics

234
Requests

100 %
HTTPS

41 %
IPv6

53
Domains

86
Subdomains

69
IPs

10
Countries

4615 kB
Transfer

45016 kB
Size

3
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.refinitiv.com/en
Title: Financial

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/products-services/government-solutions.html
Title: Government Solutions

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/products-services/legal.html
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.reutersagency.com/?utm_source=website&utm_medium=reutersdotcom&utm_campaign=site-referral&utm_content=united_states&utm_term=0
Title: Reuters News Agency

Search URL Search Domain Scan URL

URL: https://risk.thomsonreuters.com/en.html
Title: Risk Management Solutions

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/products-services/tax-accounting.html
Title: Tax & Accounting

Search URL Search Domain Scan URL

URL: https://blogs.thomsonreuters.com/answerson/
Title: Blog: Answers On

Search URL Search Domain Scan URL

URL: https://innovation.thomsonreuters.com/en.html
Title: Innovation @ Thomson Reuters

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/global-gateway.html
Title: Directory of sites

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://reuters.zendesk.com/hc/en-us/articles/216467423-Contact-Reuters
Title: Contact

Search URL Search Domain Scan URL

URL: https://reuters.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.twitter.com/share?url=https%3A%2F%2Freut.rs%2F3jXvpRY&text=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Freut.rs%2F3jXvpRY&t=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals

Search URL Search Domain Scan URL

URL: http://thomsonreuters.com/en/about-us/trust-principles.html
Title: The Thomson Reuters Trust Principles.

Search URL Search Domain Scan URL

URL: https://newslink.reuters.com/join/subscribe
Title: Newsletters

Search URL Search Domain Scan URL

URL: https://sales.reuters.com/en/
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: https://info.evidon.com/pub_info/285
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/privacy-statement.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://twitter.com/reuters

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Reuters

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ReutersVideo

Search URL Search Domain Scan URL

URL: https://instagram.com/reuters/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/10256858/

Search URL Search Domain Scan URL

URL: https://www.thomsonreuters.com/en/policies/copyright.html
Title: © 2020 Reuters. All Rights Reserved.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://reut.rs/3jXvpRY HTTP 301
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://sb.scorecardresearch.com/b?c1=2&c2=6035630&ns__t=1596217180227&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1596217180227&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1

Request Chain 86

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&gjid=506178639&_gid=1752450065.1596217180&_u=aGhAiEAjR~&z=1622600468 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&_v=j83&z=1622600468 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&_v=j83&z=1622600468&slf_rd=1&random=2054419799

Request Chain 130

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/40500/connatix.player.dc.js

Request Chain 157

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 194

https://balancer.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/vF970x250_Financial.mp4 HTTP 301
https://pipe03.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/vF970x250_Financial.mp4

Request Chain 228

https://rover.ebay.com/ar/1/707-159525-476830-2/4?mpt=610055&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=536036& HTTP 301
https://secureir.ebaystatic.com/cr/mscdn/3af5e94569654ff63901ea26ef9bbabb/view_pixel_1x1.gif

Request Chain 231

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=rubicon&google_cm&google_sc& HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESECqIS4ytsqf9mdd9qopnNAM&google_cver=1

Request Chain 232

https://rtd.tubemogul.com/upi/pid/btu4jd3a?gdpr=1&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D& HTTP 302
https://rtd-tm.everesttech.net/upi/pid/btu4jd3a?gdpr=1&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D& HTTP 302
https://rtd-tm.everesttech.net/ct/upi/pid/btu4jd3a?gdpr=1&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&&_test=XyRXXwAAAEBDTg9x HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=XyRXXwAAAEBDTg9x

Request Chain 233

https://sync.tidaltv.com/GenericUserSync.ashx?gdpr=1&dpid=695& HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?gdpr=1&dpid=695&&s_h=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7206&nid=1197&put=fc51c1be-6f14-4013-9d20-a31667337560&expires=30&gdpr=1&gdpr_consent=

Request Chain 234

https://sync.mathtag.com/sync/img?gdpr=1&mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D& HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=eccc5f24-575f-4300-a3e5-939a4b9321fd

Request Chain 235

https://i.w55c.net/ping_match.gif?gdpr=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30& HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=tN5NuuG61K1z0r5&expires=30&

234 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W Show response
www.reuters.com/article/us-cyber-cwt-ransom/
Redirect Chain

https://reut.rs/3jXvpRY
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

227 KB
58 KB

483ms
434ms

Document
text/html

143.204.201.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 0cffe77f7520fe2aa8b9676b1a05bab42b5e755e083a941168f52a9771e29a96

Request headers

:method: GET
:authority: www.reuters.com
:scheme: https
:path: /article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html;charset=UTF-8
access-control-allow-headers: Access-Control-Allow-Origin,charset
access-control-allow-origin: http://admin.reuters.com
browser-expires: Fri, 31 Jul 2020 17:39:17 GMT
channel-name: RCOMUS_Cyberrisk
content-encoding: gzip
date: Fri, 31 Jul 2020 17:39:17 GMT
expires: Fri, 31 Jul 2020 17:54:17 GMT
last-updateda: Fri, 31 Jul 2020 15:03:18 GMT
server: nginx
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: vivoZbGv2z07FznAUYXtdRRhao60ZSEGC0t9AxGQBuBX_nTbqKPf3Q==

Redirect headers

status: 301
cache-control: private, max-age=90
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Fri, 31 Jul 2020 17:39:16 GMT
location: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
referrer-policy: unsafe-url
server: nginx
set-cookie: _bit=k6vhDg-f0e18e56b85a93c30a-004; Domain=reut.rs; Expires=Wed, 27 Jan 2021 17:39:16 GMT
strict-transport-security: max-age=1209600
content-length: 225

GET
H2 200 article.bundle.css
static.reuters.com/resources_v2/react/CKB-23169-b72/ 149 KB
16 KB 225ms
65ms Stylesheet
text/css 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.css
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: faf40c6481d024246ae76970ee7b8346a54da9a19f5ad61f2384bcd13b09f3a9

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:22:57 GMT
content-encoding: gzip
age: 982
x-cache: Hit from cloudfront
status: 200
content-length: 16091
last-modified: Thu, 16 Jul 2020 21:01:56 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: q4aJQt87ONaWRNFop-ldxpqwggvl3vqpv5qV9EkQWkLQKmmxT43m6Q==
expires: Fri, 31 Jul 2020 19:22:55 GMT

GET
H2 200 common.bundle.css
static.reuters.com/resources_v2/react/CKB-23169-b72/ 480 KB
279 KB 190ms
30ms Stylesheet
text/css 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.css
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 0d445873a2c993e05b6f3566da0b249eb88f249449cf877f2137a10130dd9c56

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 16:11:28 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 21:02:05 GMT
server: nginx
age: 5269
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: U2ovmCfTbsPe1oqYJeWi9JX8Opy40GLOmsLkHs06GDGWrfD2VkN1cQ==
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
expires: Fri, 31 Jul 2020 18:11:28 GMT

GET jquery-3.4.1.min.js
code.jquery.com/ 0
0

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 19 KB
8 KB 29ms
6ms Script
application/x-javascript 2600:9000:2057:a800:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:a800:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c1acfa727754dab58bedc79995a642e235c6fde6449824c4fba4318fc060c91c

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:01:33 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 01:44:12 GMT
server: nginx
age: 2264
etag: W/"5d53676c-4a99"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: P1LbI0PpHK5i-oGBwo_7aw150vacnJ9yWZkblFU-QryOPqiwUR_hhQ==
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
expires: Fri, 31 Jul 2020 19:01:33 GMT

GET
H2 200 embedder.bundle.js Show response
queso-cdn.prod.reuters.tv/new/assets/ 50 KB
13 KB 288ms
7ms Script
application/javascript 2600:9000:214f:8400:1e:ef1b:aa40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://queso-cdn.prod.reuters.tv/new/assets/embedder.bundle.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:8400:1e:ef1b:aa40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b530d2f33467c65e254999ed904332bc40a5aa25c750229790295f6742938b6f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:38:19 GMT
content-encoding: gzip
x-origin: i-0ed89f74a956db665.queso.prod.us.reuters.tv
age: 116
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Tue, 10 Dec 2019 21:26:03 GMT
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
access-control-allow-headers: connection, range, accept-encoding, user-agent, referer, content-type
x-amz-cf-id: N3-E-I1i9kBc5cOPDkU6PyN98jGy4XjytmQDWuthNxqLpU0wriEEnQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 301 KB
87 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d2d37437a109f838b21f4412430585ee6f73d5a89bb038bfa6f98c3949765679

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:17 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89387
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 31 Jul 2020 17:39:17 GMT

GET
H2 200 3aae9fd5da3557fba61d6444cb943643.png
static.reuters.com/resources_v2/react/CKB-23169-b72/ 1 KB
2 KB 173ms
30ms Image
image/png 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/3aae9fd5da3557fba61d6444cb943643.png
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 6346ee09058d555984eb04aac881775c926b5d9d4f73ca91493f7cb708ed90df

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 23:59:44 GMT
content-encoding: gzip
age: 63573
x-cache: Hit from cloudfront
status: 200
content-length: 1539
last-modified: Thu, 16 Jul 2020 21:01:46 GMT
server: nginx
vary: Accept-Encoding
content-type: image/png
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: gfmVdVd2Fq1rD5U1UdtRy8QtGXW9PaNWeHhEcpo8LfMqpOkQC6shlQ==
expires: Fri, 31 Jul 2020 23:59:44 GMT

GET
H2 200 /
s3.reutersmedia.net/resources/r/ 687 B
1 KB 133ms
51ms Image
image/jpeg 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877045&r=LYNXNPEG6U1D5&w=20
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: b5771462426214dd38f38352be4e5018e2d479df771d17d87723969efab65a49

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 15:03:49 GMT
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:03:45 GMT
server: nginx
age: 9327
etag: "99ad09d534e9cd2cfa262e77d01586b5"
x-cache: Hit from cloudfront
x-amz-version-id: PXHk6IkLtD2pt0PIqdPJZ3WIZqK3k.av
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 687
x-amz-cf-id: MHsoYLzh-Y_FSZ4WvarSvLdSiFdfFAfLYt8RcPaZy6Oh5EV7ntVq_Q==

GET
H2 200 /
s4.reutersmedia.net/resources/r/ 42 KB
42 KB 137ms
42ms Image
image/jpeg 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s4.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877047&r=LYNXNPEG6U1D9
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 09c52e5ea3fdb1ac6d74bf9c68a5411ae21355fb33afd30b8b37c434c3338e2a

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 15:03:49 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:03:45 GMT
server: nginx
age: 9327
etag: "d2c4ae5113a50834133f423b9565d7aa"
x-cache: Hit from cloudfront
x-amz-version-id: C0cntzZ8DoRgeITqsscUR_ZjzuW8xrP8
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 43013
x-amz-cf-id: W-tcFGPMMwp8f4QdONqEG1TNW9ktbrfinl47BHs0Q98UYz52KO4Y5g==

GET
H2 200 common.bundle.js Show response
static.reuters.com/resources_v2/react/CKB-23169-b72/ 755 KB
182 KB 206ms
65ms Script
application/javascript 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 08403f71ba79ddfc050c707a58a0b0f81e42dd8352249f0525eb74039df12080

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:31:12 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 21:02:06 GMT
server: nginx
age: 491
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: b6TcOjGPIoUBGtB5fO5080lufx9rxacSQQv-hEFk6MK6-6_vfaXWqw==
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
expires: Fri, 31 Jul 2020 19:31:06 GMT

GET
H2 200 article.bundle.js Show response
static.reuters.com/resources_v2/react/CKB-23169-b72/ 367 KB
53 KB 206ms
65ms Script
application/javascript 13.35.254.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-2.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 96c55d1a0e501bee6c3b9b91eaccdfb7ed17698f20a219d662c837b595a6824f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:36:17 GMT
content-encoding: gzip
age: 180
x-cache: Hit from cloudfront
status: 200
content-length: 53901
last-modified: Thu, 16 Jul 2020 21:01:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: FgddAd-VAZHXWXMHryLJ_c402p5eaeFWo1f8XAmihviWsSyAihJuoQ==
expires: Fri, 31 Jul 2020 19:36:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5018
date: Fri, 31 Jul 2020 16:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 31 Jul 2020 18:15:39 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 70 KB
28 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TBBXQQ&t=gtm2&cid=741099389.1596217158

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

272cd4d0dee4106eced14bb1d9cd89bf655fd0bbc39d6bcaece6b1da3bafbc0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:17 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28100
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 31 Jul 2020 17:39:17 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 36ms
24ms Script
application/javascript 2a00:1450:4001:818::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

5153251b2f264cfb98970a4928ad4a7952267cfba192e68430bb73451a7f4dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:17 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status: 200
cache-control: no-cache
content-type: application/javascript
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflnEPkPm/ 88 KB
32 KB 64ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflnEPkPm/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9907c69c720960431e4ba9ebe031e010ca948dee8a328fe4c1e49d1fef1dfbc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 16:37:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90092
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32184
x-xss-protection: 0
last-modified: Mon, 27 Jul 2020 20:53:09 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 07 Aug 2020 16:37:45 GMT

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f01d25f7a76e0682a7a43230c32bef653eaf28b8a6f7a683ebb88bf8c6aa4f50

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7d62426c6b87d35cef5c2c873355aa44edffcf4a7f927f1c51b10694ea4f6ed

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 71 KB
71 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee0768f9d2def8b13df284410776f5d755109e77b5c0ca17d8895f65b343a0cd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
H2 200 evidon-sitenotice-tag.js Show response
c.evidon.com/sitenotice/ 56 KB
15 KB 43ms
12ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f1c91bcbd2f759449d7df5fb84422d1f4e3ead74e43f9d34efb4ec8569f14510

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 14670
last-modified: Thu, 30 Jul 2020 16:33:40 GMT
server: AkamaiNetStorage
etag: "9ce4d18df807d4db892430cdd76963e3:1596126820.152575"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Sat, 01 Aug 2020 17:39:39 GMT

GET
H2 200 country.js Show response
c.evidon.com/geo/ 252 B
451 B 53ms
22ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/country.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: fd6321a73fa53c24f5ac39432a3eaf12305d410b415349e19278548b8a4deb75

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
last-modified: Fri, 13 Mar 2020 23:46:45 GMT
server: AkamaiNetStorage
status: 200
etag: "61397050076da6e6062ac7b53a8ef498:1584143205.714402"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 174

GET
H2 200 snthemes.js Show response
c.evidon.com/sitenotice/1237/ 48 KB
4 KB 53ms
23ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/1237/snthemes.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 78d7768fb1213eced669894455aac7c1bfb17452b25ef69859ab7617cb85856f

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 3701
last-modified: Fri, 26 Jun 2020 14:04:50 GMT
server: AkamaiNetStorage
etag: "250e5fd831f93b742b230a49f56ee029:1593180290.533778"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Sat, 01 Aug 2020 17:39:39 GMT

GET
H2 200 settings.js Show response
c.evidon.com/sitenotice/1237/reuters/ 19 KB
3 KB 54ms
23ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/1237/reuters/settings.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7962dce1427363ac8964c27e8a221d2b6f320fa55f7e32df3508b288d99ff915

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 2681
last-modified: Wed, 01 Jul 2020 02:14:34 GMT
server: AkamaiNetStorage
etag: "ab26685e301ed5649625ade2ef42d4cf:1593569674.617377"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Sat, 01 Aug 2020 17:39:39 GMT

GET
H/1.1 200
OK service Show response
usasync01.admantx.com/admantx/ 467 B
663 B 378ms
91ms XHR
text/plain 2406:da00:ff00::36e1:c929
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usasync01.admantx.com/admantx/service?request=%7B%22key%22%3A%22234330834c41105ad5ed794fa036e085b40225c44f9228bb9e2692f427917605%22%2C%20%22decorator%22%3A%22template.reuters_ss%22%2C%20%22filter%22%3A%5B%22default%22%5D%2C%20%22method%22%3A%22descriptor%22%2C%20%22mode%22%3A%22async%22%2C%20%22type%22%3A%22URL%22%2C%20%22body%22%3A%22https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W%22%7D
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2406:da00:ff00::36e1:c929 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: bb56e9cb6a9934d4d3c871e6aa711d2168e0c74c02cc3388539fe50e57091dca

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 31 Jul 2020 17:39:39 GMT
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 467
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 82ms
23ms Script
application/javascript 143.204.201.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.119 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-119.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 27 Jul 2020 22:27:17 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 08 Jul 2020 20:34:30 GMT
Server: AmazonS3
Age: 328355
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA53-C1
X-Amz-Cf-Id: ZKgS0wnt_CDdHwHqWEANfb4f2egaEiuhUsJ0D5fCCM3Aq2UqXmADxg==

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/ 456 KB
96 KB 25ms
9ms Script
text/javascript 99.86.0.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.0.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-0-85.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d2fe32d253b1c23c584887a2d05bba8d56ad3b233081d190be436c70209ead2

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: y5dTauhZdIHZExKeLkayQo2haLRB.vAP
content-encoding: gzip
etag: "b571ddcfce959fdfb468fd0182ffb999"
age: 230
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-length: 98102
access-control-allow-origin: *
last-modified: Thu, 30 Jul 2020 21:13:33 GMT
server: AmazonS3
date: Fri, 31 Jul 2020 17:35:50 GMT
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a245.cloudfront.net (CloudFront)
cache-control: public, max-age=300
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: _rIJqZK_GjpGQtd0C3QzHYcq5o1HPqu3QIitbBJArKKUY4dmbDIG8g==

GET
H2 200 contextfeed.js Show response
www.dianomi.com/js/ 13 KB
4 KB 47ms
29ms Script
application/javascript 104.18.22.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/js/contextfeed.js?

Requested by

Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dfb7c925e9a341c587ecc6af346f2cf875c63da4609858353eed31324e7ac48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1064
cf-polished: origSize=16301
status: 200
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Jun 2020 10:37:13 GMT
server: cloudflare
etag: W/"3fad-5a7e0a8fd0bd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 31 Jul 2020 21:39:39 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 04478e55960000975a2ea62200000001
cf-ray: 5bb9199c2da0975a-FRA
cf-bgj: minify

GET
H2 200 breakingNews Show response
www.reuters.com/assets/ 1 B
373 B 57ms
44ms Fetch
application/json 143.204.201.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/assets/breakingNews?view=json
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
server: nginx
age: 79
status: 200
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: http://admin.reuters.com
x-amz-cf-pop: FRA53-C1
access-control-allow-headers: Access-Control-Allow-Origin,charset
content-length: 1
x-amz-cf-id: fOj9NE1XX4FUg-TDw0ncK7mXhb1RARmNgXmPCSCC7457jIW93hL9PA==
expires: Fri, 31 Jul 2020 17:38:19 GMT

GET
H2 200 /
s3.reutersmedia.net/resources/r/ 43 KB
43 KB 39ms
9ms Image
image/jpeg 13.35.254.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877045&r=LYNXNPEG6U1D5&w=1280
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.59 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-59.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 0541539bf2c978c0ddec342e71cdeeb6c741a149356dcf13a01ae4217d28e46b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 15:03:51 GMT
via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:03:52 GMT
server: nginx
age: 9348
etag: "9820f131d19eb65a082f3c146a2cb7b4"
x-cache: Hit from cloudfront
x-amz-version-id: oObRweTrk8_OxeCSFKAdYD7GOFpoZAsA
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 43556
x-amz-cf-id: o3hOpcI7rm41TRunc-nDs4S5RA2uvkcf_eSKsrOE2dhJp2KJLLtrwA==

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 195 B
482 B 27ms
7ms XHR
application/json 2a04:4e42:1b::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=reuters.com&domain=reuters.com&path=%2Farticle%2Fus-cyber-cwt-ransom-idUSKCN24W25W
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::714 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cfd0da29a6d34ea44fb0035a3a1b409a4a66c091fb0f143ea2f73a643c3f8cef

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
age: 1738
x-cache: HIT
status: 200
x-cache-hits: 1
content-length: 161
x-served-by: cache-hhn4048-HHN
access-control-allow-origin: *
x-timer: S1596217180.616135,VS0,VE1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Wed, 29 Jul 2020 17:10:41 GMT

GET
H2 200 reuters.js Show response
tru.am/scripts/custom/ 1 KB
1 KB 45ms
20ms Script
application/javascript 2606:4700:20::681a:274
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/custom/reuters.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f23d93c9b8e3ca26f6fcc6be6a8d087e43a3f5795daa3c61017071642f66f3c

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
cf-cache-status: HIT
age: 1177530
x-guploader-uploadid: AAANsUlK-rhqWIaSronpM69LDK3tSKdIlWTr545LHnYUXX1YBJwnHqKhyvJA1BK1p6ChhuoYauFsuyxDZP87axzJFw
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 04478e55eb0000dfc76726c200000001
last-modified: Fri, 19 Apr 2019 06:14:57 GMT
server: cloudflare
etag: W/"40b7d4de06dae04ec0d6537ef2f54db8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=e3JHUg==, md5=QLfU3gba4E7A1lN+8vVNuA==
x-goog-generation: 1555654497328861
content-type: application/javascript
cache-control: public, max-age=2678400
x-goog-stored-content-length: 1056
cf-ray: 5bb9199caa3adfc7-FRA
expires: Sat, 18 Jul 2020 03:34:09 GMT

GET
H2 200 load Show response
experience.tinypass.com/xbuilder/experience/ 4 KB
1 KB 37ms
19ms Script
application/javascript 2606:4700::6811:b7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://experience.tinypass.com/xbuilder/experience/load?aid=TIDovF4cqC
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b7b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd1dc64fac45e75fffefbd76f176c6ea118ab79b88b3efddc5642d4e7c76d4fe

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
cf-cache-status: HIT
age: 440
p3p: CP="NON DSP COR OUR IND"
status: 200
x-forwarded-https: on
cf-request-id: 04478e55e4000005e9d6b9a200000001
x-request-id: CvpgceqNFTN
wn: prod-exp-10-0-128-131
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: accept-encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 5bb9199ca9dd05e9-FRA
expires: Fri, 31 Jul 2020 18:09:39 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 70 KB
28 KB 31ms
17ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-KBK7743&cid=741099389.1596217158

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

846c2798cd350c5a6d3757b68e2e5bd8b4c8d6ab1f0abaa39ef6f2caf5af87f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28049
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 31 Jul 2020 17:39:39 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:18:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1290
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Fri, 31 Jul 2020 18:18:09 GMT

GET
H2 200 context.pl Show response
www.dianomi.com/cgi-bin/ 2 KB
817 B 81ms
65ms XHR
application/json 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/cgi-bin/context.pl?id=4&h=www.reuters.com

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38f82a586c4984fdc89697da37dac16d17ed9c1d619510ed32991778b3e21b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/json; charset=ISO-8859-1
access-control-allow-origin: https://www.reuters.com
x-xss-protection: 1; mode=block
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 5bb9199d9d281756-FRA
cf-request-id: 04478e567e000017567823c200000001
expires: Fri, 31 Jul 2020 17:40:39 GMT

GET
H2 200 en.js Show response
c.evidon.com/sitenotice/1237/translations/ 65 KB
6 KB 43ms
12ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/1237/translations/en.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0301abe27c75fe3b60eff31ce1d31238c9b84d4f36c037bacf0a8656b6a6fb45

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 5633
last-modified: Wed, 01 Jul 2020 01:41:52 GMT
server: AkamaiNetStorage
etag: "e21cd11f7f077dfa60a4974f4e56a950:1593567712.14839"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Sat, 01 Aug 2020 17:39:39 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 26ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f630c6ea4e44c35a93c0ee2950e68857311d9500d6025abe4a5db3ecaf270e3c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34220
x-xss-protection: 0
pragma: public
x-fb-debug: wZLQWQYFNbgXPIxADS3eI1UwmpEpOozRiz0nl7voFsBBUwp6RHxvPMRLf5MaeF+lD2dSFiwpxfm+D45tnp7M3A==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 31 Jul 2020 17:39:39 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5040
date: Fri, 31 Jul 2020 16:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 31 Jul 2020 18:15:39 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 385 KB
122 KB 59ms
41ms Script
application/javascript 2606:4700::6811:b9b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tinypass.com/api/tinypass.min.js
Requested by: Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=TIDovF4cqC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b9b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef9bed8b77ddadf9dd0ba854bd22bc480ba1bbf2c01308183065f4ab729e30a5

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
cf-cache-status: HIT
age: 107
p3p: CP="NON DSP COR OUR IND"
status: 200
x-forwarded-https: on
cf-request-id: 04478e56900000d715130e4200000001
wn: prod-dash-10-0-89-149
last-modified: Thu, 30 Jul 2020 12:16:20 GMT
server: cloudflare
etag: W/"394312-1596111380000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
server-time: 0.001
cache-control: public, max-age=300
cf-ray: 5bb9199db98dd715-FRA
expires: Fri, 31 Jul 2020 17:44:39 GMT

GET
H2 200 ta-pagesocial-sdk.js Show response
tru.am/scripts/ 35 KB
13 KB 40ms
22ms Script
application/javascript 2606:4700:20::681a:374
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by: Host: tru.am
URL: https://tru.am/scripts/custom/reuters.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:374 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
cf-cache-status: HIT
age: 1177544
x-guploader-uploadid: AAANsUlz9Yip85RfgS4jGavu6PDS8YEyP7WdDck7YcMKysD_x9qSJ9Qiyi4E5v-ygmEAlwDD_aGRLlN8Bnsmjdj3lw
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 04478e5690000005e45eb69200000001
last-modified: Fri, 19 Apr 2019 06:14:55 GMT
server: cloudflare
etag: W/"942d5ae1e512ccdf18813550428dd002"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=O7AZFg==, md5=lC1a4eUSzN8YgTVQQo3QAg==
x-goog-generation: 1555654495662585
content-type: application/javascript
cache-control: public, max-age=2678400
x-goog-stored-content-length: 35540
cf-ray: 5bb9199dbeca05e4-FRA
expires: Sat, 18 Jul 2020 03:33:55 GMT

GET
H2 200 ads.js Show response
www.reuters.com/ 112 B
551 B 141ms
125ms Script
text/javascript 143.204.201.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/ads.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 7464555aae6d8d87b77f7170fba1698ff64f7454ded58627ca1819246e9a9969

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
browser-expires: Fri, 31 Jul 2020 17:39:39 GMT
server: nginx
x-amz-cf-pop: FRA53-C1
status: 200
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: http://admin.reuters.com
content-encoding: gzip
access-control-allow-headers: Access-Control-Allow-Origin,charset
content-length: 116
via: 1.1 48391c4ed2c51e95dcabcb70cf613127.cloudfront.net (CloudFront)
x-amz-cf-id: d3oygWI0zIABm7MNWNugeRHyjlcnPUl0TEdh59IjQlW_OVq1Saxx6A==
expires: Fri, 31 Jul 2020 17:44:39 GMT

GET
H2 200 evidon-barrier.js Show response
c.evidon.com/sitenotice/ 14 KB
4 KB 35ms
13ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-barrier.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 33a31901a144a24e7f7153b2ec965007bb58abea0129ec9e7691d468f959569b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 4195
last-modified: Thu, 30 Jul 2020 16:33:42 GMT
server: AkamaiNetStorage
etag: "7f2ec5e4f730c536377c12dea517d463:1596126822.602664"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Sat, 01 Aug 2020 17:39:39 GMT

GET
H2 200 iabevidonmapping.js Show response
iabmap.evidon.com/ 8 KB
3 KB 40ms
7ms Script
application/javascript 2600:9000:2057:be00:10:27b4:f500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://iabmap.evidon.com/iabevidonmapping.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:be00:10:27b4:f500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 21a22ffbb31ae72c9efc1970ad750dc83454831721ca163bc6cda04dae21a7d7

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:07:28 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 19:37:07 GMT
server: AmazonS3
age: 84732
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: UHMgx7cJm3ZwsS31xlM9ykElZ8Iw_YsgnbgRFkiX7zG0l3io9ZT7KA==
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)

GET
H2 200 evidon-cmp.js Show response
c.evidon.com/sitenotice/ 22 KB
7 KB 34ms
14ms Script
application/x-javascript 23.66.28.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.66.28.46 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-66-28-46.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 15b35c3833a358a2d4da3777fc699f98434d8ad633f05f18b0189ff9425d6ec6

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: gzip
vary: Accept-Encoding
status: 200
content-length: 6629
last-modified: Thu, 30 Jul 2020 16:33:42 GMT
server: AkamaiNetStorage
etag: "e61a04bf376822e01eb2bff13a2813cd:1596126822.412007"
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
expires: Sat, 01 Aug 2020 17:39:39 GMT

GET
H2 204 2
l.betrad.com/site/v3/1237/5669/3/1/3/ 0
120 B 290ms
96ms Image
text/plain 34.193.24.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/1237/5669/3/1/3/2?consent=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.24.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-24-72.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 200 312961195854690 Show response
connect.facebook.net/signals/config/ 523 KB
132 KB 14ms
13ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/312961195854690?v=2.9.22&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

476773611cfd8347aa976f40a792dc590a21d9035bee72917202c95cc95401cd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 135167
x-xss-protection: 0
pragma: public
x-fb-debug: o4ZGFbYpD0DRw0XkwpOEr6PvO6VG1ymLM043UdLMmXH5OmFiAqw/K2z8rGw5yUuGASHdiDWE/Q3Au2w9rvpuMg==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 31 Jul 2020 17:39:39 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 article-recirc Show response
sope.prod.reuters.tv/program/rcom/v1/ 13 KB
13 KB 103ms
103ms Fetch
application/json 2600:1f18:624f:b001:d0e0:37be:96ba:aebb
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sope.prod.reuters.tv/program/rcom/v1/article-recirc?edition=us&pageid=USKCN24W25W&modules=rightrail,ribbon,bottom
Requested by: Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:624f:b001:d0e0:37be:96ba:aebb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 0f8f1f84e96e20a05a88c26d795dbeefe2329e6532727849e70759378c5507f4

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
seq: f567d06f-4b4d-435d-8d81-84fb25ce6b33

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
x-origin: i-0fc78495aa2e07445.sope.prod.us.reuters.tv
server: nginx/1.14.0 (Ubuntu)
x-amzn-trace-id: Root=1-5f24575c-2f4e7142bc1b1e80e03aee3a
status: 200
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: connection, range, accept-encoding, user-agent, referer, seq
content-length: 13498

GET
H2 200 bidexchange.js Show response
contextual.media.net/ 439 KB
123 KB 53ms
33ms Script
text/javascript 23.210.250.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Requested by

Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.250.97 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-250-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0312527b22556033b32304fb26837927f03b0bf4f8c96f7169e4db49fcb0fce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Fri, 31 Jul 2020 17:39:39 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=1800
expires: Fri, 31 Jul 2020 18:09:39 GMT

GET
H2 200 vendorlist.json Show response
www.reuters.com/json/api/ 89 KB
89 KB 36ms
30ms XHR
application/json 143.204.201.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/json/api/vendorlist.json
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:37:37 GMT
via: 1.1 48391c4ed2c51e95dcabcb70cf613127.cloudfront.net (CloudFront)
server: nginx
age: 126
status: 200
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
access-control-allow-headers: Access-Control-Allow-Origin,charset
content-length: 90787
x-amz-cf-id: y0Pt4FUWsH8yzjBridz5E68uJS_TBlTQnEze8r4Yh9lxjlDcUn4Vyw==
expires: Fri, 31 Jul 2020 17:37:31 GMT

GET
H2 200 vendorlist.json Show response
www.reuters.com/json/api/ 89 KB
89 KB 23ms
18ms XHR
application/json 143.204.201.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reuters.com/json/api/vendorlist.json
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:37:37 GMT
via: 1.1 48391c4ed2c51e95dcabcb70cf613127.cloudfront.net (CloudFront)
server: nginx
age: 126
status: 200
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
access-control-allow-headers: Access-Control-Allow-Origin,charset
content-length: 90787
x-amz-cf-id: ULRxCuESg-7HTzZsfc0mLB9rZkBWFoYyD6NacTOlpxAkJ_B-WukJzg==
expires: Fri, 31 Jul 2020 17:37:31 GMT

GET
H2 204 61500
l.betrad.com/site/v3/1237/5669/3/5/3/2/ 0
120 B 223ms
97ms Image
text/plain 34.193.24.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/1237/5669/3/5/3/2/61500?consent=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.24.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-24-72.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 204 61500
l.betrad.com/site/v3/1237/5669/3/1/3/2/ 0
120 B 222ms
96ms Image
text/plain 34.193.24.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/1237/5669/3/1/3/2/61500?consent=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.24.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-24-72.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 200 dianomi-context.css
www.dianomi.com/partner/dianomi/css/ 169 B
350 B 19ms
19ms Stylesheet
text/css 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/partner/dianomi/css/dianomi-context.css?v=1.1

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99781410070a5dd4d753fdb8a46f4272082b5be64541dcfcb1b2d3c4aea09c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72
cf-polished: origSize=199
status: 200
x-xss-protection: 1; mode=block
last-modified: Mon, 21 Jan 2019 12:43:41 GMT
server: cloudflare
etag: W/"c7-57ff735e16ce7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Fri, 31 Jul 2020 21:39:39 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 04478e56d10000175678240200000001
cf-ray: 5bb9199e1df91756-FRA
cf-bgj: minify

GET
H2 200 smartads.epl
www.dianomi.com/ Frame 15F6 0
0 111ms
110ms Document
text/html 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.dianomi.com
:scheme: https
:path: /smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:39 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dd4ada1176911d81804b3c6efe86fdfb61596217179; expires=Sun, 30-Aug-20 17:39:39 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
access-control-allow-credentials: true
expires: now
pragma: no-cache
cache-control: no-cache,no-store,private
link: </img/a/pss/2649/23.css>;rel=preload;as=style
cf-cache-status: DYNAMIC
cf-request-id: 04478e56dd0000175678245200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5bb9199e2e251756-FRA
content-encoding: br
cf-h2-pushed: </img/a/pss/2649/23.css>

GET
H2 200 videofeed-combined.js Show response
www.dianomi.com/js/ 21 KB
5 KB 19ms
18ms Script
application/javascript 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/js/videofeed-combined.js?id=123

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be32ab8a5fce6e41450bf1c29755452cea77040f40b2e9a7da91cc9f7450f5f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 38
cf-polished: origSize=31604
status: 200
x-xss-protection: 1; mode=block
last-modified: Thu, 25 Jun 2020 16:03:20 GMT
server: cloudflare
etag: W/"7b74-5a8eabb369d7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 31 Jul 2020 21:39:39 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 04478e56da0000175678244200000001
cf-ray: 5bb9199e2e1c1756-FRA
cf-bgj: minify

GET
H2 200 recirculation.epl
www.dianomi.com/ Frame 7E58 0
0 83ms
82ms Document
text/html 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/recirculation.epl?id=98&cf=545.4.Reuters%20Feed

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.dianomi.com
:scheme: https
:path: /recirculation.epl?id=98&cf=545.4.Reuters%20Feed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:39 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dd4ada1176911d81804b3c6efe86fdfb61596217179; expires=Sun, 30-Aug-20 17:39:39 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
cf-request-id: 04478e56e50000175678247200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5bb9199e3e371756-FRA
content-encoding: br

GET
H2 200 recirculation.epl
www.dianomi.com/ Frame 8BDC 0
0 67ms
66ms Document
text/html 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.dianomi.com
:scheme: https
:path: /recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:39 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dd4ada1176911d81804b3c6efe86fdfb61596217179; expires=Sun, 30-Aug-20 17:39:39 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
cf-request-id: 04478e56e90000175678248200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5bb9199e4e411756-FRA
content-encoding: br

GET
H2 200 lazyload.iife.min.js Show response
cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.20.1/ 5 KB
2 KB 34ms
18ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.20.1/lazyload.iife.min.js

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c514d4fb8244af230a89d2203522c6a67a55a3f161cfd4fca9f53301c0588ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 10179110
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 04478e56f90000c2fe0c3a2200000001
served-in-seconds: 0.003
timing-allow-origin: *
last-modified: Sun, 17 Feb 2019 22:45:51 GMT
server: cloudflare
etag: W/"5c69e41f-14cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5bb9199e58c6c2fe-FRA
expires: Wed, 21 Jul 2021 17:39:39 GMT

GET
H2 200 dianomi-max-200x38.png
www.dianomi.com/img/ 5 KB
5 KB 35ms
34ms Image
image/webp 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dianomi.com/img/dianomi-max-200x38.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9882efec6c0157e8975f801fe48665942333635c9c2b9b3608345e1aa58827b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 167278
cf-polished: origFmt=png, origSize=31456
status: 200
content-disposition: inline; filename="dianomi-max-200x38.webp"
content-length: 5090
x-xss-protection: 1; mode=block
last-modified: Tue, 23 May 2017 10:48:47 GMT
server: cloudflare
etag: "7ae0-5502ebb78747a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Mon, 31 Aug 2020 03:39:39 GMT
cache-control: public, max-age=2628000
access-control-allow-credentials: true
cf-request-id: 04478e56eb0000175678249200000001
accept-ranges: bytes
cf-ray: 5bb9199e4e481756-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 pixeltrack.pl
www.dianomi.com/cgi-bin/ 77 B
225 B 42ms
41ms Image
image/gif 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dianomi.com/cgi-bin/pixeltrack.pl?cf=545.4.Reuters%20Feed

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4fa79afcf5a5cc5a0f12dedaf825f11530e6397d723fe7044cd37ba3c248e57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:39 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
status: 200
content-length: 77
cf-request-id: 04478e56eb000017567824a200000001
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif; charset=ISO-8859-1
access-control-allow-origin: *
x-xss-protection: 1; mode=block
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 5bb9199e4e4a1756-FRA
expires: Thu, 30 Jul 2020 17:39:39 GMT

POST
H2 200 beacon
beacon.tru.am/ 0
0 164ms
128ms Fetch 2606:4700:20::681a:374
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.tru.am/beacon
Requested by: Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:374 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, private, max-age=0
cf-ray: 5bb9199e9d9dc2db-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 04478e571c0000c2db893c0200000001
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45610b21279531a97f9566b0f0f8a1d287a45ae4bc6bc545971af5cd7e393cc6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin: https://www.reuters.com

Response headers

Content-Type: application/font-woff

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 99 KB
18 KB 38ms
7ms XHR
application/json 2600:9000:2057:da00:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:da00:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 62b07f5b473f87a3ebe9738f063584774f835dcf8b0c423cab5f8515c93553f5

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 16:11:19 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 91702
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 30 Jul 2020 16:00:38 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: reOIFJV51MP7DSnJY4Drcaf.WGBefbQC
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA6-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: cRYlb5j-5jZKWC74iI7rFl8S9cmgHvVKioVPkdq-M_GGIUxvmWxTbA==

POST
H2 200 execute Show response
experience.tinypass.com/xbuilder/experience/ 2 KB
2 KB 123ms
122ms XHR
application/json 2606:4700::6811:b9b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://experience.tinypass.com/xbuilder/experience/execute?aid=TIDovF4cqC
Requested by: Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b9b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea7252bfcece3427bc7fc792757e789d164cadcd80ce08d318dfe67b09a33b17

Request headers

Accept: */*
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: br
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
status: 200
x-forwarded-https: on
cf-request-id: 04478e57cb0000d715130f5200000001
x-request-id: C42hcequ2Hh
pragma: no-cache
wn: prod-exp-10-0-131-94
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 5bb9199fadbed715-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 smartads_video_json.pl Show response
www.dianomi.com/cgi-bin/ 3 B
307 B 64ms
63ms XHR
application/json 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/cgi-bin/smartads_video_json.pl?id=4729&cf=545.4.Reuters%20Feed

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.reuters.com
x-xss-protection: 1; mode=block
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, pre-check=0, post-check=0
access-control-allow-credentials: true
cf-ray: 5bb9199fb9001756-FRA
cf-request-id: 04478e57ce000017567826c200000001

GET
DATA 200
OK truncated
/ 38 B
38 B Other
image/webp

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 21ms
7ms Script
application/x-javascript 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 31 Jul 2020 17:39:40 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sat, 01 Aug 2020 17:39:40 GMT

GET
H2 200 gwiq.js Show response
gwiqcdn.globalwebindex.net/gwiq/ 6 KB
6 KB 90ms
6ms Script
application/javascript 35.201.93.216
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gwiqcdn.globalwebindex.net/gwiq/gwiq.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.93.216 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 216.93.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6aa7c3edbc1ee1fe66d4db0fea18aa2d0bbe0dfae05d228c9ffeeaeacb6f1c53

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:03:22 GMT
age: 2178
x-guploader-uploadid: AAANsUljHM7aoc9viMNceh9NFOZdbrzjHDNY256mfYtCvbRpm55SybeI239wNstHFyyipkbtpdG-vJSkEUgBHL75x_dBiU7njg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 5766
last-modified: Wed, 15 Apr 2020 08:49:27 GMT
server: UploadServer
etag: "aba61abde9777087262fb27526ba1ef6"
x-goog-hash: crc32c=yYfjgA==, md5=q6Yavel3cIcmL7J1Jroe9g==
x-goog-generation: 1586940567400828
cache-control: public, max-age=3600
x-goog-stored-content-length: 5766
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 31 Jul 2020 18:03:22 GMT

GET
H2 200 tc.js Show response
contextual.media.net/ 11 KB
7 KB 17ms
16ms Script
text/javascript 23.210.250.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/tc.js?&tpkey=TB4M82W&size=300x250&v=19&nat=1&https=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.250.97 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-250-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3c0d27b79bfe51d6abbc99eb79bd7731804fa80823d85bce422ee364185c6126

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Fri, 31 Jul 2020 17:39:40 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=172800
content-length: 6573
expires: Sun, 02 Aug 2020 17:39:40 GMT

GET
H2 200 tc.js Show response
contextual.media.net/ 13 KB
8 KB 14ms
14ms Script
text/javascript 23.210.250.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/tc.js?&tpkey=T645KQG&size=728x90&v=19&nat=1&https=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.250.97 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-250-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d27b59be0fa35fd199035fb3d095a553cf11e6c7b44d583b2942650fc3da5977

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Fri, 31 Jul 2020 17:39:40 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=172800
content-length: 7712
expires: Sun, 02 Aug 2020 17:39:40 GMT

GET
H2 200 px.gif
contextual.media.net/ 43 B
206 B 7ms
6ms Image
image/gif 23.210.250.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/px.gif?&ch=1&vn=1

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.250.97 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-250-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
last-modified: Wed, 19 Jul 2017 10:11:12 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
status: 200
cache-control: max-age=1076684
accept-ranges: bytes
content-length: 43
expires: Thu, 13 Aug 2020 04:44:24 GMT

GET
H/1.1 200
OK px.gif
s.mnet-ad.net/ 43 B
356 B 381ms
126ms Image
image/gif 66.81.204.228
CONFLUENCE-NETWOR...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.mnet-ad.net/px.gif?&ch=2&vn=1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 66.81.204.228 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 31 Jul 2020 17:39:40 GMT
Last-Modified: Wed, 19 Jul 2017 10:11:12 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=126
Content-Length: 43
Expires: Fri, 14 Aug 2020 17:39:40 GMT

GET
H2 200 intersection-observer.js Show response
www.dianomi.com/js/ 13 KB
4 KB 27ms
24ms Script
application/javascript 104.18.23.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dianomi.com/js/intersection-observer.js

Requested by

Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.230 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8567ea9f657a5f2ea1633ec26b13de309f60f0921a278db2a9be91d2e48984e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 38
cf-polished: origSize=29813
status: 200
x-xss-protection: 1; mode=block
last-modified: Thu, 21 May 2020 13:02:02 GMT
server: cloudflare
etag: W/"7475-5a6281e5fc48b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Fri, 31 Jul 2020 21:39:40 GMT
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-request-id: 04478e58390000175678274200000001
cf-ray: 5bb919a05a611756-FRA
cf-bgj: minify

GET
H2 200 rtbsspub
cdneu-xch.media.net/AdExchange/ 48 KB
49 KB 88ms
48ms EventSource
text/event-stream 23.62.140.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdneu-xch.media.net/AdExchange/rtbsspub?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&us_privacy=1---&cid=8CUF1VN4G&region=eu&ptrid=8PRL4E7N3&requestString=391166652*23%7C300x250~300x600%7C8CUF1VN4G%7C12762257~12762257%7C%7C%7C1%40391166652*29%7C300x250~300x600%7C11384%7C31484_123996_15~31484_123996_10%7C%7C%7C1%40391166652*51%7C300x250~300x600%7C973973%7C11084976~11084976%7C0.07%7C%7C1%40391166652*59%7C300x250~300x600%7C8CUF1VN4G%7C_112891~_112891%7C0.07%7C%7C1%40391166652*74%7C300x250~300x600%7C1113800%7C12209207~12209207%7C%7C%7C1%40391166652*84%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652%7C%7C%7C3%40391166652*97%7C300x250~300x600%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C0.63%7C%7C1%40391166652*108%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*117%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*145%7C300x600~300x250%7C100600%7C147215~147215%7C%7C%7C1%40391166652*172%7C300x250~300x600%7C8CUF1VN4G%7C15331955~15331955%7C0.06%7C%7C1%40391166652*175%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C0.01%7C%7C1%40391166652*178%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*201%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*203%7C300x250~300x600%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*214%7C300x600~300x250%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*222%7C300x250~300x600%7C8CUF1VN4G%7C391166652_8CUF1VN4G~391166652_8CUF1VN4G%7C%7C%7C1%40391166652*3007%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*3010%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652_8CUF1VN4G%7C%7C%7C3%40391166652*3015%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C391166652~391166652%7C%7C%7C3%40451439109*23%7C300x250%7C8CUF1VN4G%7C12762293%7C%7C%7C1%40451439109*29%7C300x250%7C11384%7C31484_123998_15%7C%7C%7C1%40451439109*51%7C300x250%7C973973%7C11084979%7C0.07%7C%7C1%40451439109*59%7C300x250%7C8CUF1VN4G%7C_112891%7C0.07%7C%7C1%40451439109*84%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109%7C%7C%7C3%40451439109*97%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C0.63%7C%7C1%40451439109*108%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*117%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*145%7C300x250%7C100600%7C147218%7C%7C%7C1%40451439109*172%7C300x250%7C8CUF1VN4G%7C15331958%7C0.06%7C%7C1%40451439109*175%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C0.01%7C%7C1%40451439109*178%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*203%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*214%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*222%7C300x250%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C1%40451439109*3007%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*3010%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40451439109*3014%7C1x1_TB4M82W_1%7C8CUF1VN4G%7C451439109_8CUF1VN4G%7C%7C%7C3%40612341223*23%7C728x90%7C8CUF1VN4G%7C12762257%7C%7C%7C1%40612341223*29%7C728x90~970x250%7C11384%7C31484_123996_2~31484_123996_57%7C%7C%7C1%40612341223*51%7C728x90%7C973973%7C11084975%7C0.69%7C%7C1%40612341223*59%7C728x90~970x250%7C8CUF1VN4G%7C_112891~_112891%7C0.07%7C%7C1%40612341223*74%7C728x90~970x250%7C1113800%7C12209209~12209209%7C%7C%7C1%40612341223*84%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223%7C%7C%7C3%40612341223*97%7C728x90~970x250%7C8CUF1VN4G%7C612341223_8CUF1VN4G~612341223_8CUF1VN4G%7C0.63%7C%7C1%40612341223*108%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*117%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*145%7C728x90~970x250%7C100600%7C147214~147214%7C%7C%7C1%40612341223*172%7C728x90~970x250%7C8CUF1VN4G%7C15303527~15303527%7C0.06%7C%7C1%40612341223*175%7C728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C0.01%7C%7C1%40612341223*178%7C728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C1%40612341223*203%7C728x90~970x250%7C8CUF1VN4G%7C612341223_8CUF1VN4G~612341223_8CUF1VN4G%7C%7C%7C1%40612341223*214%7C970x250~728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G~612341223_8CUF1VN4G%7C%7C%7C1%40612341223*222%7C728x90%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C1%40612341223*3007%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*3010%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223_8CUF1VN4G%7C%7C%7C3%40612341223*3015%7C1x1_T645KQG_1%7C8CUF1VN4G%7C612341223~612341223%7C%7C%7C3&crid=391166652%2C451439109%2C612341223&sd=1&requrl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&bl=1&rt=5&dn=https://www.reuters.com&https=1&act=headerBid&prvReqId=341544425680510531596217180192&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.6069901527409207&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A7286%7D&itype=HB&cc=DE&rc=SN&ct=FALKENSTEIN&sid=8973&scc=1&tmt=200&section=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&prid=8PRVCXX19&switch=1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.140.165 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f243b2baeee81a3d0035c388f7e682d3a3b05dbc634e0ef0f2fb95f15a816a2b

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
status: 200
content-type: text/event-stream;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
expires: Fri, 31 Jul 2020 17:39:40 GMT

GET
H2 200 getcookie Show response
evidon.mgr.consensu.org/iab/ 169 B
380 B 305ms
111ms Script
text/javascript 3.229.146.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://evidon.mgr.consensu.org/iab/getcookie
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.146.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-146-249.compute-1.amazonaws.com
Software: /
Resource Hash: 9b133863146a5f391e8cee0842cafc7498ae89b6f79edbecfc842055342c1fe2

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
x-amzn-requestid: 9fd3ad18-327c-46d4-8bc7-0c2e3deb6c90
status: 200
content-type: text/javascript
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5f24575c-0e9fe21e2e1834d2948d8d7a;Sampled=0
x-amz-apigw-id: QjKWdHv6oAMFd-g=
content-length: 169

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6035630&ns__t=1596217180227&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20crimina...
https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1596217180227&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20crimin...

0
528 B

7ms
6ms

Image
text/plain

23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1596217180227&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:40 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1596217180227&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:40 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 48 KB
17 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07e078c5e59f50540a75c50a19fd9f20e5442ce8e4d963010d7a32f89c2fabd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "587 / 513 of 1000 / last-modified: 1596147233"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 16609
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:40 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
829 B 28ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.reuters.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
829 B 28ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.reuters.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020072701.js Show response
securepubads.g.doubleclick.net/gpt/ 254 KB
90 KB 55ms
42ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

edf6ab3553d76573e5d5939c0c4a3ada737c98ee962379b25cbf23c96f17d732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 27 Jul 2020 13:08:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91625
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:40 GMT

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 321 B
554 B 86ms
30ms XHR
application/json 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_mpu_14718822_USKCN24W25W,ss:%5B300.250,300.600,1.1%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=caa77e3b-6a33-9967-4e81-d0e0006f6eb3&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 74d8e9fac4f23dd1a95e7a68dbde7482eb07bac44d2dc26a29f75f4b82ae86cc

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
x-server-name: app26.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 332 B
565 B 86ms
31ms XHR
application/json 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:canvas_leaderboard_2727214134848492_USKCN24W25W,ss:%5B728.90,970.250,970.90,1100.100,1100.90,1100.250,1.1%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=caa77e3b-6a33-9967-4e81-d0e0006f6eb3&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 86f3693160258a17e0ab591806486d18efe63c5d97e2a7ada6ec702d651fbec0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
x-server-name: app05.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 56 B
289 B 81ms
27ms XHR
application/json 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_connatix_12720239_USKCN24W25W,s:1100,420.1100,400.fluid,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=caa77e3b-6a33-9967-4e81-d0e0006f6eb3&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bf3669795bba5ee81c6defbeb24c48986d4693233ce0964138e897363527c3af

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
x-server-name: app04.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 290 B
523 B 83ms
30ms XHR
application/json 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_bizdev_article_rr2_4825256_USKCN24W25W,ss:%5B300.280,300.250%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=caa77e3b-6a33-9967-4e81-d0e0006f6eb3&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2a56fc6ef6491849e078f58ce14abc8ca377371f370bdf73943c9bf8ccdadbe1

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
x-server-name: app16.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
141 B 498ms
165ms XHR
application/json 35.164.248.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/p
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.248.150 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-248-150.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:40 GMT
access-control-allow-origin: https://www.reuters.com
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 /
www.facebook.com/tr/ 44 B
265 B 19ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=312961195854690&ev=PageView&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&rl=&if=false&ts=1596217180499&sw=1600&sh=1200&v=2.9.22&r=stable&a=seg&ec=0&o=30&fbp=fb.1.1596217180498.2024844871&it=1596217179816&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 31 Jul 2020 17:39:40 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
192 B 7ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&aip=1&a=712955170&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dp=%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&ul=en-us&de=UTF-8&dt=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGhAiEAjR~&jid=1958139512&gjid=506178639&cid=741099389.1596217158&tid=UA-24152976-22&_gid=1752450065.1596217180&cd2=Cyberrisk&cd11=us-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals&cd4=Article%20-%20News&cd32=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&cd8=0&cd10=Slideshow&cd9=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&cd19=Page%20Load&cd7=Desktop&cd6=U.S.&cd5=Article&cd17=Jack%20Stubbs&cd3=Tentpoles%20-%20Cyberrisk&cd1=Tentpoles&cd13=529&cd18=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&cd38=false&cd40=RCOMUS_Cyberrisk&cd41=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&cd42=USKCN24W25W&cd43=KCN24W25W&cd44=4&cd45=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&z=1414522460

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jul 2020 21:07:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1974725
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&gjid=506178639&_gid=1752450065.1596217180&_u=aGhAiEAjR~&z=1622600468
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&_v=j83&z=1622600468
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&_v=j83&z=1622600468&slf_rd=1&random=2054419799

42 B
492 B

29ms
18ms

Image
image/gif

2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&_v=j83&z=1622600468&slf_rd=1&random=2054419799

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=741099389.1596217158&jid=1958139512&_v=j83&z=1622600468&slf_rd=1&random=2054419799
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0b9ae0631dc9cb1d12dd2eb240ef07bb.png
static.reuters.com/resources_v2/react/CKB-23169-b72/ 22 KB
9 KB 26ms
7ms Image
image/png 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/0b9ae0631dc9cb1d12dd2eb240ef07bb.png
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 9f9104dee58871cdb561e4f139fcf095a2fc1fcb0a7778a964975e6b12059c6a

Request headers

Referer: https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 23:09:44 GMT
content-encoding: gzip
age: 66596
x-cache: Hit from cloudfront
status: 200
content-length: 9050
last-modified: Thu, 16 Jul 2020 21:01:42 GMT
server: nginx
vary: Accept-Encoding
content-type: image/png
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: 6WlQwoKTwHvzn-eSkv6a6VizXNNOP3yaTLOgxVzE40KNwcLXt0FOxg==
expires: Fri, 31 Jul 2020 23:09:44 GMT

GET
H2 200 /
static.reuters.com/resources/r/ 3 KB
4 KB 26ms
8ms Image
image/jpeg 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200731&t=2&i=1527881851&r=LYNXNPEG6U1FA&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 9d08f227832ef84abf52f7188704d3c1c73da9eb4d77654ad766810b8838eb96

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 15:44:55 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 15:42:49 GMT
server: nginx
age: 6885
etag: "2c4a1ae0bf610ab7da94c6f94708e754"
x-cache: Hit from cloudfront
x-amz-version-id: Tm2LBh4Mtcrwb3IAfwYxxbIEUEW3uKRf
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 3185
x-amz-cf-id: O5xvDvbVThM2v2iVEMWMcQkkw5grQScci9PX4jKe-gynvgzHgJxTxw==

GET
H2 200 /
static.reuters.com/resources/r/ 2 KB
2 KB 26ms
8ms Image
image/jpeg 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200731&t=2&i=1527840928&r=LYNXNPEG6U042&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 8801c7da15b8585778c8c5246a2aad4d61ad5cc24a0036c0217a7b3159e3276a

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 10:15:09 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 10:07:19 GMT
server: nginx
age: 26671
etag: "0ff3127a793c372fa725db0c78ce6c6a"
x-cache: Hit from cloudfront
x-amz-version-id: BZ2E84ZsGx6z3a839Cv5cxr7gTkCUa5e
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 1679
x-amz-cf-id: PDE_eupvzLSyO_5_eitkTjfCYftkCjvZBh_vpNtslveueftuVlsygA==

GET
H2 200 /
static.reuters.com/resources/r/ 4 KB
4 KB 26ms
8ms Image
image/jpeg 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200731&t=2&i=1527849148&r=LYNXNPEG6U0ZU&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 362f337b32736a78d6c980429023bd714828c00f866a6bbc3f448e708e1f33af

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 11:13:20 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 11:13:21 GMT
server: nginx
age: 23180
etag: "c7bb7adb1850dd7c936f674097b53e84"
x-cache: Hit from cloudfront
x-amz-version-id: A.J2honrJPzdKq_qX0atvykkF_DL03iR
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 3609
x-amz-cf-id: cSW-GulbEMcB9vtr2LxBiMnW62WI_iBUp1NAKJISvdehNq3RrY-lfg==

GET
H2 200 /
static.reuters.com/resources/r/ 3 KB
3 KB 26ms
8ms Image
image/jpeg 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200731&t=2&i=1527870704&r=LYNXNPEG6U1AG&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 7283999b473e6aa50dd8d5db5d65a37a56bd758ac1df316885cfea112c363062

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 14:08:44 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 14:08:02 GMT
server: nginx
age: 12655
etag: "ef5a4ab19e1a498418ae5fa812a360ee"
x-cache: Hit from cloudfront
x-amz-version-id: XBdFZRamO7pFFdd8mpKj0oQjZAqNXPII
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 2623
x-amz-cf-id: ZkPPiI1Rt2ptXlVoLpJTnXR003mAk99LGdXCNIY1d-snq_YrfXJx1g==

GET
H2 200 /
static.reuters.com/resources/r/ 3 KB
4 KB 23ms
10ms Image
image/jpeg 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.reuters.com/resources/r/?m=02&d=20200731&t=2&i=1527853808&r=LYNXNPEG6U0VW&w=120
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: aba71be114d19a922fbb29c807df251f16dc31f8ba83f40a14abca672c258bbb

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 11:50:44 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-expiration: expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified: Fri, 31 Jul 2020 11:48:51 GMT
server: nginx
age: 20936
etag: "8687741711d879f59cc793d4f251f42b"
x-cache: Hit from cloudfront
x-amz-version-id: ADL9uytg4kFmrs6Y39TooNMRpN7mBool
status: 200
x-amz-cf-pop: FRA6-C1
content-type: image/jpeg
content-length: 3291
x-amz-cf-id: tuY3rYoE_q8zMl-Mc97Ufs8FOtBJV6LDeLa5MAowh5skVNnPFOmfVQ==

GET
H2 200 rtbsspub
cdneu-xch.media.net/AdExchange/ 7 KB
7 KB 23ms
23ms EventSource
text/event-stream 23.62.140.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdneu-xch.media.net/AdExchange/rtbsspub?&gdpr=1&gdprconsent=0&usp_enf=1&usp_status=0&us_privacy=1---&cid=8CUF1VN4G&region=eu&ptrid=8PRL4E7N3&requestString=894667540*9%7C300x250%7C8CUD609M7%7C611759711%7C%7C%7C1%40894667540*59%7C300x250%7C8CUF1VN4G%7C_112891%7C0.07%7C%7C1%40894667540*97%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C0.63%7C%7C1%40894667540*175%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C0.01%7C%7C1%40894667540*178%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*201%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*203%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*214%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1%40894667540*222%7C300x250%7C8CUF1VN4G%7C894667540_8CUF1VN4G%7C%7C%7C1&crid=894667540&sd=1&requrl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&bl=1&rt=5&dn=https://www.reuters.com&https=1&act=headerBid&prvReqId=174292687619344951596217180557&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.7304830243694052&ndec=1&scrsize=1600x1200&taginfo=%7B%22894667540%22%3A%7B%22xps%22%3A1290%2C%22yps%22%3A3044%2C%22supply_tag_id%22%3A%22dpslot_bizdev_article_rr2_4825256_USKCN24W25W%22%7D%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A7286%7D&itype=HB&cc=DE&rc=SN&ct=FALKENSTEIN&sid=8973&scc=1&tmt=200&section=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&prid=8PRVCXX19&isRefresh=0
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.140.165 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ee956c1f271f819eaeed42fafe8589d5124138757fb8ae7cd7f99352700261a8

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
status: 200
content-type: text/event-stream;charset=UTF-8
access-control-allow-origin: https://www.reuters.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
expires: Fri, 31 Jul 2020 17:39:40 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 115 KB
21 KB 459ms
459ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1626933070516592&correlator=1649773116252439&output=ldjh&impl=fifs&adsid=NT&vrg=2020072701&rdp=1&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200731&iu_parts=4735792%2Cus.reuters%2Ctentpoles%2Ccyberrisk%2Carticle&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250%7C300x600%7C1x1%2C728x90%7C970x250%7C970x90%7C1100x100%7C1100x90%7C1100x250%7C1x1%2C320x50%7C1100x420%7C1100x400%2C300x280%7C300x250&fluid=0%2C0%2Cheight%2C0&prev_scp=type%3Dmpu%26div_id%3D14718822%26pixel_distance%3D400%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26id%3Dcfce795e-d354-11ea-8c09-0a791baeecf6%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%2C80%26pub%3D40%2C50%2C60%2C70%26mnet_rbd%3D0.03%26mnet_rpc%3D31484%26mnet_rsz%3D300x250%26mnet_rlt%3D275%26mnet_rat%3DO%26mnetSize%3D300x250%26mnet_placement%3D391166652%26mnetCID%3D8CUF1VN4G%26mnetPageID%3D1%26mnetCV%3D3%26mnetCC%3DDE%26mnetUGD%3D4%7Ctype%3Dleaderboard%26div_id%3D2727214134848492%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26id%3Dcfcea029-d354-11ea-8e39-02bf2b86cc68%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%26mnetDNB%3D1%26mnetPageID%3D3%26mnetCV%3D3%26mnetCC%3DDE%26mnetUGD%3D4%7Ctype%3Dconnatix%26div_id%3D12720239%26pixel_distance%3D20000%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%7Ctype%3Dbizdev_article_rr2%26div_id%3D4825256%26pixel_distance%3D20000%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26id%3Dcfce789b-d354-11ea-ae13-067f141e2336%26vw%3D40%2C50%26grm%3D40%2C50%26pub%3D40%26mnetDNB%3D1%26mnetPageID%3D4%26mnetCV%3D3%26mnetCC%3DDE%26mnetUGD%3D4&cust_params=bidxc%3D1%26admant%3DAccentureAPAC_Negative%252CArtificial_Intelligence%252CBarclays%252CBarclays_2%252CBoeing_Neg%252CBofA_Neg%252CBofA_Neg_Topics%252CCME_Negative%252CCognizant_Coronavirus_3%252CDIT_Negative_kw1%252CDWA-Cisco-Coronavirus%252CExxon_Negative%252CFRB%252CGoldmanSachs%252CIBM%252CJPMorgan_Neg%252CJuliusBaer2020_FinancialPlanning-2%252CMSFT_Neg%252CMarcusUSDeposits_1%252CMobkoi_FB_Negative%252CNegative_Keywords_3.2%252CSaudiAramco_Negative%252CTradeWeb_AiEx%252CWorkdayPG_Neg%26ntvPlacement%3D1093478%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3Dlow&cookie_enabled=1&bc=31&abxe=1&lmt=1596217180&dt=1596217180619&dlt=1596217157502&idt=22924&frm=20&biw=1600&bih=1200&oid=3&adxs=1140%2C-12245933%2C258%2C1140&adys=404%2C-12245933%2C3487%2C3044&adks=2961757527%2C284456772%2C3636333061%2C2334924728&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dssz=67&icsg=44040240&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1%7C0x-1%7C754x420%7C300x-1&msz=300x-1%7C0x-1%7C754x420%7C300x-1&ga_vid=741099389.1596217158&ga_sid=1596217181&ga_hid=712955170&fws=4%2C132%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ead1f5d7326f198363f926cfd3ee7a492913e33aa439566801ea3b1d3af50519

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20957
x-xss-protection: 0
google-lineitem-id: -1,5400724061,4806613891,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,138315302645,138288736159,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.reuters.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
c9aba862264c892257260ec23d030375.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 48ms
14ms Other
text/html 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c9aba862264c892257260ec23d030375.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 17ms
6ms Other
text/html 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 69 KB
23 KB 19ms
7ms Script
application/x-javascript 2600:9000:2057:1600:18:1fcd:34e:d2a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:1600:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ba607af2c8d414ab6d4bac90c526d90a939cb0adf507b6ba063265347479159d

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 16:27:32 GMT
content-encoding: gzip
last-modified: Fri, 24 Apr 2020 00:58:19 GMT
server: nginx
age: 4328
etag: W/"5ea239ab-11347"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: sUv3Kb0pJwgS9SgUrYIc7Tt9SfKo181HCrwHbTSKJ9gVp58vRboryA==
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
expires: Fri, 31 Jul 2020 18:27:32 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame AD35 0
0 16ms
16ms Document
text/html 23.210.250.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=506&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.250.97 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-250-97.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=506&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Mon, 01 Feb 2021 17:39:40 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=140747
expires: Sun, 02 Aug 2020 08:45:27 GMT
date: Fri, 31 Jul 2020 17:39:40 GMT
content-length: 4726

GET
H2 200 tag.min.js Show response
get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/ 42 KB
43 KB 26ms
8ms Script
text/javascript 143.204.201.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.40 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-40.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f37beed085d2cfdd1386a8942434d8011aa20f2e7afa20d7edfd0d49998da1e7

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 f2db75b601dc30df73b1beb29596a375.cloudfront.net (CloudFront)
last-modified: Thu, 09 Jul 2020 16:33:02 GMT
server: AmazonS3
age: 27
etag: "83e3072c323b852d705b92d495976daf"
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
date: Fri, 31 Jul 2020 17:39:14 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 43283
x-amz-cf-id: tLJT2K3C5z3o3xdascibDNig26XmThORCcnyzmZwAzjDyLzP_ZGf2A==

POST
H2 200 i Show response
api.segment.io/v1/ 21 B
141 B 343ms
165ms XHR
application/json 35.164.248.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.segment.io/v1/i
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.248.150 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-248-150.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:40 GMT
access-control-allow-origin: https://www.reuters.com
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 collect
www.google-analytics.com/ 35 B
90 B 6ms
5ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&aip=1&a=712955170&t=timing&_s=2&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dp=%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&ul=en-us&de=UTF-8&dt=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=23965&pdt=28&dns=1&rrt=344&srt=434&tcp=47&dit=22811&clt=22811&_gst=914&_gbt=932&_cst=840&_cbt=904&_u=aHhAiEAjR~&jid=&gjid=&cid=741099389.1596217158&tid=UA-24152976-22&_gid=1752450065.1596217180&cd2=Cyberrisk&cd11=us-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals&cd4=Article%20-%20News&cd32=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&cd8=0&cd10=Slideshow&cd9=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&cd19=Page%20Load&cd7=Desktop&cd6=U.S.&cd5=Article&cd17=Jack%20Stubbs&cd3=Tentpoles%20-%20Cyberrisk&cd1=Tentpoles&cd13=529&cd18=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&cd38=false&cd40=RCOMUS_Cyberrisk&cd41=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&cd42=USKCN24W25W&cd43=KCN24W25W&cd44=4&cd45=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&z=765863312

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jul 2020 21:07:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1974725
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 273ms
90ms Image
image/gif 54.84.196.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=reuters.com&p=reuters.com%2Farticle%2Fus-cyber-cwt-ransom-idUSKCN24W25W&u=BvYIhcDgDma-DZTL4x&d=reuters.com&g=52639&g0=Cyberrisk&g1=Jack%20Stubbs&g4=Article&n=1&f=00001&c=0&x=0&m=0&y=7286&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=23965&t=ncwTgxa1LEO-KER9DPZZDOql-f&V=120&i=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&tz=-120&sn=1&sv=CD1_uvDT3RS_B6tdOE03tdZCUZXIy&sd=1&im=06679cf0&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.84.196.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-84-196-220.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 beacon.min.js Show response
beacon.s-onetag.com/ 18 KB
6 KB 23ms
6ms Script
application/javascript 2600:9000:2057:7200:5:9a4c:9b00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.s-onetag.com/beacon.min.js
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:7200:5:9a4c:9b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d640ed39630d91dec61dcb107b977293ec29fecbb5e74467e017d872bf76b0db

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: iJO00mi5pglap2bW60H1GBGtloYAnC3A
content-encoding: gzip
last-modified: Thu, 09 Apr 2020 15:07:03 GMT
server: AmazonS3
age: 145008
date: Thu, 30 Jul 2020 01:22:53 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=172800
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: qCCzsX3u24r_2g07v0648R0eIEvM3enhgQ36Y_EbzwfFAtNg4W2STw==
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)

GET
H2 200 /
s3.reutersmedia.net/resources/r/ 68 B
458 B 27ms
26ms Image
image/png 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/?m=02&d=20181126&t=2&i=1670625344&w=380&fh=&fw=&ll=&pl=&sq=&rtn=LYNNXMPEGJ0FD5&x30y10&r=LIYXPPGG10FT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: ADFCDN/5.2.3 / AdDefend GmbH
Resource Hash: adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
server: ADFCDN/5.2.3
x-amz-cf-pop: FRA6-C1
x-powered-by: AdDefend GmbH
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=0, max-stale=0, must-revalidate, no-cache, no-store, no-transform, post-check=0, pre-check=0, private
accept-ranges: bytes
content-length: 68
x-amz-cf-id: tzjcmi3PQ5bzoFRdS0Tdmo1QFc8cZXSMzjN405RL51FaCc6qJxPyLA==
expires: 0

GET
H2 200 /
s3.reutersmedia.net/resources/r/adinclude/ 68 B
459 B 45ms
45ms Image
image/png 13.35.254.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.reutersmedia.net/resources/r/adinclude/?m=02&d=20160517&t=2&i=7468022560&w=251&fh=&fw=&ll=&pl=&sq=2&r=PCVW0FD5.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-19.fra6.r.cloudfront.net
Software: ADFCDN/5.2.3 / AdDefend GmbH
Resource Hash: adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:40 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
server: ADFCDN/5.2.3
x-amz-cf-pop: FRA6-C1
x-powered-by: AdDefend GmbH
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=0, max-stale=0, must-revalidate, no-cache, no-store, no-transform, post-check=0, pre-check=0, private
accept-ranges: bytes
content-length: 68
x-amz-cf-id: mFg10YCeyRBcy27BDxTHzwwv5RMVGn5xreiC7vfpVkLaZGAnwhlDvQ==
expires: 0

POST
H2 200 /
www.facebook.com/tr/ 0
106 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzECvwWB7SuKygzpg

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 31 Jul 2020 17:39:41 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.reuters.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012007210634000/ Frame 0C68 206 KB
56 KB 46ms
14ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2631
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57364
x-xss-protection: 0
server: sffe
date: Fri, 31 Jul 2020 16:55:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da4645546e0fb9cb"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Jul 2021 16:55:50 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 0C68 16 KB
6 KB 44ms
14ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66f14ced94dbd60cb3c1f8fc74f67f01d05b4cbeee93c877a2e86ad31847eb44

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 179068
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5902
x-xss-protection: 0
server: sffe
date: Wed, 29 Jul 2020 15:55:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ed761c4f9176d72d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jul 2021 15:55:13 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 0C68 96 KB
29 KB 39ms
8ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2621
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29699
x-xss-protection: 0
server: sffe
date: Fri, 31 Jul 2020 16:56:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff583ae049a1bccf"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Jul 2021 16:56:00 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 0C68 4 KB
2 KB 38ms
8ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

360a25e0b7ac5376a0c319d1eac76df31ffcce5b82faa2f3a0b3ef70f370d151

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 179063
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1786
x-xss-protection: 0
server: sffe
date: Wed, 29 Jul 2020 15:55:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fe8a226332f994d7"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jul 2021 15:55:18 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 0C68 48 KB
16 KB 36ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0847fb2a4b12a2cfd5b8775ebf0a1ca59c1d8c34894ee2f3f26e827969f39567

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 183319
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15001
x-xss-protection: 0
server: sffe
date: Wed, 29 Jul 2020 14:44:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f044ff03265d7aa3"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jul 2021 14:44:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0C68 5 KB
1 KB 28ms
14ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 17:30:50 GMT
server: ESF
date: Fri, 31 Jul 2020 17:39:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0C68 5 KB
738 B 28ms
14ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 16:19:54 GMT
server: ESF
date: Fri, 31 Jul 2020 17:39:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
DATA 200
OK truncated
/ Frame 0C68 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84550346b04d7d987275e2519d8bcbcc6c7ace7518154a15bcaaefe8c875d42f

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BAAE 0
0 42ms
41ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstVrw2ZHXqu6SUfCuK41i6vdT7eaKFPyZoNNY7UqooKNLRR28VT7VNMJyNVyv5V6dJ_NZ2d-afXkxeBCtJL7lFuYrJ9-xTo1z3o2ncuInitTwkxXYN2rVzPMrJtRggz4QkUeb1Fdji-P8YfWKOqVHmVfq6lmmmPG3hu0qkg8tvCjxDMlUFQfeAKmRQcgNbuuH8DDSMUSnkOJfvyMYNYoplvOUyeSlH4CEwkM4gqgb2TD3j4V-BQFCYESjNSozomeDE4dM0gZblnlndujOPighP2mFKLAtgvTntr9VjHje74qvgC&sai=AMfl-YSiG9jChhYzEKZjl67nZoiDrKYvzBMm2JvaT3b4vTrox7hVjBKQzO2gpHP56F2tOX7W54BneoQ8Qgc_98aQRPxJMvahMye48NcHMdG7YEGyfaQMvjGra72O8-uA7i8&sig=Cg0ArKJSzINJa6Qu3fB2EAE&urlfix=1&adurl=

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:41 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame BAAE 20 KB
10 KB 78ms
34ms Script
text/javascript 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=37789883;click=https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstgdooE1hY8SHrKEQJmJyVF7yLMT9a0add4THGCVcVSk0lQzng1w8i314iez508zYMF9MdJbgWC4CKptROQxY0wU37coKzSF3a6Ij3Tq6a2zbqC0_sR05NRQ9w64W4tpIZZMcQg-dvROxEyeVVcOC7Wh1e8CN6LIsfmVXL2BHRV0mkVS79s3oYG4Us8RHAQgfVdtbXfwZLjsfrWp9IyP2cLu1hH3aU6eiT0SlevTD8ttVzqGr6XQ3Ir0rzBw1iE7VTw7h2SBSQ5-OWlX3A83lqAJR14gIx1XgVB-qOrvw5I&sai=AMfl-YQGA1pBHuVC0Rc1OFpDYMXIy8Yw6mLgS_c50-WHeGDbailLnB8-tyYRBe3V4cmB-pxn-ywbQvGiGXZEb5Wge-rLp3nMMO8R2g2IcUjV0Ezc0PSeI2RKg2-6wLjKT2A&sig=Cg0ArKJSzKenp5zct-GFEAE&urlfix=1&adurl=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

61b20b9c46adb5b1dc3fb3060c81a114ee4def1548976413bbac3645e9cd009c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 10204
expires: -1

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame BAAE 73 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8da6b87651dc4bcd2696386149976e6e280dd7abc98444f140c567e88ce726b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1596064266704224"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28380
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/reutersdfpcw319687550988/ Frame BAAE 307 KB
103 KB 20ms
6ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Wed, 29 Jul 2020 14:58:25 GMT
server: AmazonS3
x-amz-request-id: 9BBD6886F51E886A
etag: "06798e04d86839b070d5ea052c4d21a3"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=58758
accept-ranges: bytes
content-length: 105048
x-amz-id-2: 9YMgOMmFFKxKJxN/Ut2ALrQNLSH0zk8XPaa+j3QGsNP7O2hO7FZt5F3Dsmeg5QdAEyoWcP/7krM=

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/193088957431081628/ Frame 0C68 6 KB
6 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/193088957431081628/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qlk5eFepiBju6DeEhp6aCXJPDH68w

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5f23f2b89e3c842dbd272809a6238637ec29e75c419a8f36a942186117ce228

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 24 Jul 2020 06:25:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Nov 2019 14:53:49 GMT
server: sffe
age: 645242
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6078
x-xss-protection: 0
expires: Sat, 24 Jul 2021 06:25:39 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12630945033984638994/ Frame 0C68 5 KB
5 KB 10ms
7ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12630945033984638994/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qmCzEDpo9jOKdWTfH1NzuIgaDyB0Q

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e974f2b1cce6233e901eafb1aeff26b4c1eeae40da2076504561fd34925b61d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 23 Jul 2020 01:58:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 11:36:07 GMT
server: sffe
age: 747668
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5481
x-xss-protection: 0
expires: Fri, 23 Jul 2021 01:58:33 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0C68 0
0 43ms
41ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7fQeXFckX5u_KcmPrATfuZ7oDOq0wKFe-5uoh80KloLNhYgWEAEg2p61FWCVAqAB4rWNzAPIAQapAqm9iG813bM-4AIAqAMByAMKqgTdAk_QX70RNif0WzUO4HCo_YAlyJqOEuHNiSn6k06jXYlvKErPmrFuxt1zm0ey8LLmP6nF67xF9GnvO-5-6ltwSsCzjLDTpobRysI1Ugc7FU_xdDQ-VaRURA6miEEzBF7QcezlH3zrI3nISrjLOEcSiYbB1lfavndugjMh5F056i8cd_D7xKyq_cAk-YpJOh8Ii54F_WBSL23RG7k1ZUtjRGl_oKTOszKXZ6SESe7Se4VC1eWNaMSJTgeaAKvA-oPDHIFL7bCLAZIgaLj1Ui1E38DYW53yQ_kzQfgfDtjDUr2faGvnpDjFW5MoeC7L9TkzYi1X_J9MT2Il5myj1ogxlHfuIjq4Pyddg7wBZ08UuthllAtcZ-clQ63HXAMA_WHBvrqn2Ci03JPyZIka4ILiz0A-HwXHh8jktXq9Dc1cVW4n3qkyn6gzzgDfcRcsS2YPA56UljXNTzs0ehIrLtzABIf7gtbLAuAEAZIFBAgEGAGSBQQIBRgEoAY3gAeGk8ExqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEIuyGNIICQiA4YBwEAEYHYAKA8gLAdgTDIgUAQ&sigh=i0FwSJ6mI5A&template_id=492&tpd=AGWhJmsalYh-e4kt5uDr_NIIjZ4VXI9CrJutbACpRwZTEgg3XQ
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0C68 0
0 15ms
13ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRXjJqP7UyjjK1fgELsvjDszHl2EVzA6KaX95tAJcWk-C_AuniZd_SBvJiW0J1t_HucQTI1
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0C68 2 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 23443
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 01 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0C68 295 B
519 B 7ms
6ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jul 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 72763
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 31 Jul 2020 21:26:58 GMT

GET
H2 200 5400724061 Show response
dfp-gateway.s-onetag.com/1/4735792/ 112 B
580 B 115ms
31ms XHR
application/json 143.204.201.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfp-gateway.s-onetag.com/1/4735792/5400724061
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.10 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-10.fra53.r.cloudfront.net
Software: /
Resource Hash: 482d82a54d9618d1038baffb214f05b2257d25fae39a68365f97fb1257f9f54a

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 21:37:17 GMT
via: 1.1 2f194b62c8c43859cbf5af8e53a8d2a7.cloudfront.net (CloudFront), 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
age: 72144
x-amzn-requestid: afe4623f-e016-4e38-87a3-8704a82a0bc5
status: 200
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400, public
x-amzn-trace-id: Root=1-5f233d8d-a125175ab323cde9eaa41991;Sampled=0
x-amz-cf-pop: FRA2-C2, FRA53-C1
x-amz-apigw-id: QgaOJGsJiYcF9DA=
content-length: 112
x-amz-cf-id: ueuCLrth3g0WlyvxWcfDPmb78PCch1O-JI1v4kB8lEtkH6mkFn9stA==

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 71 KB
27 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e3325db456620e768bfa6a930c1015b6fd4e8b967cbb88d07867883c9e5fa6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1596064266704224"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27106
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 0C68 11 KB
11 KB 18ms
6ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de
Origin: https://www.reuters.com

Response headers

date: Wed, 29 Jul 2020 23:10:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 152936
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Thu, 29 Jul 2021 23:10:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 0C68 11 KB
11 KB 17ms
6ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de
Origin: https://www.reuters.com

Response headers

date: Thu, 09 Jul 2020 02:32:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1955206
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Fri, 09 Jul 2021 02:32:55 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F3BA 0
0 43ms
42ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSpP03u1ktSQEap7Ji2KfSusSV-zWyYI71qLoTF0K8ziSYi75bJ1eywmhwIhfqj9E3tyRkAL394vY6FlqbVaThmwPOJi7tzo2xVqKtrj55Exc3A2neB09yiJHJF7-3N4L_ikxV54cfKnosDYodK6U3qJzty_PharsMeAvWg0cXtutLYNCdNpavc06tPaCtKtSWlLATaPq_4Xl4QRVojPyydeBrWB03wCr6uhIxO7iSkbHX3p4tweZvFcicV1GyFMZOsgxdqzyULYSj_ZeoqkeYO1-ZxVeQPuH26az8Klg&sai=AMfl-YQAI8vnQFzChOHtDu81tRrkIbJ1UG4Hxv-Sv548WadFvZIGU77LhNjQS_oNgIwUD4OXaoxGr01gXeO-wBC1xzvlcrC6jWQX7Smbw_ElE3YVctZ6fvyPRGTCKfHashs&sig=Cg0ArKJSzMVwZod7aPehEAE&urlfix=1&adurl=

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:41 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/40500/ Frame BCB9
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/40500/connatix.player.dc.js

779 KB
195 KB

19ms
6ms

Script
application/javascript

151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d7e294f96184435922e6827a7d1d9ffe3fde9ffde3dca304488ba7b092d87d76

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
age: 26615
x-cache: HIT, HIT
status: 200
content-length: 199316
x-served-by: cache-dca17721-DCA, cache-hhn4069-HHN
access-control-allow-origin: *
last-modified: Fri, 31 Jul 2020 09:46:16 GMT
x-timer: S1596217181.294212,VS0,VE0
etag: "dc137e7174ecf0cf30ec03e1e95778e3"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 3111

Redirect headers

date: Fri, 31 Jul 2020 17:39:41 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-served-by: cache-hhn4069-HHN
status: 302
x-cache: HIT
location: https://cds.connatix.com/p/40500/connatix.player.dc.js
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
x-timer: S1596217181.224920,VS0,VE0
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame F3BA 73 KB
28 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8da6b87651dc4bcd2696386149976e6e280dd7abc98444f140c567e88ce726b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1596064266704224"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28380
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/reutersdfpcw319687550988/ Frame F3BA 307 KB
103 KB 7ms
6ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Wed, 29 Jul 2020 14:58:25 GMT
server: AmazonS3
x-amz-request-id: 9BBD6886F51E886A
etag: "06798e04d86839b070d5ea052c4d21a3"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=58758
accept-ranges: bytes
content-length: 105048
x-amz-id-2: 9YMgOMmFFKxKJxN/Ut2ALrQNLSH0zk8XPaa+j3QGsNP7O2hO7FZt5F3Dsmeg5QdAEyoWcP/7krM=

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012007210634000/ Frame 7A3F 206 KB
56 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2631
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57364
x-xss-protection: 0
server: sffe
date: Fri, 31 Jul 2020 16:55:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da4645546e0fb9cb"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Jul 2021 16:55:50 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7A3F 16 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66f14ced94dbd60cb3c1f8fc74f67f01d05b4cbeee93c877a2e86ad31847eb44

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 179068
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5902
x-xss-protection: 0
server: sffe
date: Wed, 29 Jul 2020 15:55:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ed761c4f9176d72d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jul 2021 15:55:13 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7A3F 96 KB
29 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2621
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29699
x-xss-protection: 0
server: sffe
date: Fri, 31 Jul 2020 16:56:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff583ae049a1bccf"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Jul 2021 16:56:00 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7A3F 4 KB
2 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

360a25e0b7ac5376a0c319d1eac76df31ffcce5b82faa2f3a0b3ef70f370d151

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 179063
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1786
x-xss-protection: 0
server: sffe
date: Wed, 29 Jul 2020 15:55:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fe8a226332f994d7"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jul 2021 15:55:18 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012007210634000/v0/ Frame 7A3F 48 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012007210634000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0847fb2a4b12a2cfd5b8775ebf0a1ca59c1d8c34894ee2f3f26e827969f39567

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 183319
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15001
x-xss-protection: 0
server: sffe
date: Wed, 29 Jul 2020 14:44:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f044ff03265d7aa3"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jul 2021 14:44:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7A3F 7 KB
798 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0cbfb1ab0f94123834567e32df7ec74a1c210793f797368d41a4b4c2732d4a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 16:14:53 GMT
server: ESF
date: Fri, 31 Jul 2020 17:39:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A3F 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 23443
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 01 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A3F 295 B
352 B 6ms
6ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jul 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 72763
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 31 Jul 2020 21:26:58 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5743776668941135073/ Frame 7A3F 17 KB
17 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5743776668941135073/downsize_200k_v1?w=400&h=209

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fce12d2ea048b2cf5d460797b17cd4d3c277ba2a2f9eab31fcbe3a873495e4c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 13:30:35 GMT
x-content-type-options: nosniff
age: 101346
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17053
x-xss-protection: 0
last-modified: Fri, 18 Jan 2019 08:38:11 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jul 2021 13:30:35 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16564057862702959013/ Frame 7A3F 7 KB
7 KB 9ms
8ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16564057862702959013/downsize_200k_v1?w=300&h=300

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

796183d0a0b953aabb88c97078232fc5896ea6d45cf1d8501114ad12d9927f6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 13:01:03 GMT
x-content-type-options: nosniff
age: 103118
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7123
x-xss-protection: 0
last-modified: Tue, 21 Aug 2018 07:41:32 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jul 2021 13:01:03 GMT

GET
DATA 200
OK truncated
/ Frame 7A3F 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7A3F 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c596b9c20eabbb206a5b5cf1c3d33ac8e1a4cb7c2992c53fd158483c40eed09

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4806613891 Show response
dfp-gateway.s-onetag.com/1/4735792/ 114 B
583 B 27ms
27ms XHR
application/json 143.204.201.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfp-gateway.s-onetag.com/1/4735792/4806613891
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.10 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-10.fra53.r.cloudfront.net
Software: /
Resource Hash: 698a0d14189cdfa590d112b056e978324c551080f63a9e0b340b6f1b204af296

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 21:28:09 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront), 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
age: 72692
x-amzn-requestid: f7cc2e7a-b8e3-4012-88ac-e60e6a4f3adf
status: 200
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400, public
x-amzn-trace-id: Root=1-5f233b69-646cd0ac8dd4ae1a334b4672;Sampled=0
x-amz-cf-pop: FRA6-C1, FRA53-C1
x-amz-apigw-id: QgY4fEreCYcFWyA=
content-length: 114
x-amz-cf-id: QFs3L7fn9CXkxKUCmhMQbIHX0Mq2FsvwN4mfk41cJhwtM6wRwfKzXA==

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7A3F 0
0 43ms
42ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CZxtvXFckX52_KcmPrATfuZ7oDNK9z7tb2d_79foIloLNhYgWEAEg2p61FWCVAqAB-a3EhQPIAQmpAqm9iG813bM-4AIAqAMByAMKqgTeAk_Qx-Uu-oYrs2HokRFObs5xNo06YimwAdBvZDjaox05cKaSsoaqGzvlnROUdJR6_CBZvR6IN5xk0JClu8K4i93HycxDzHKsOKmEfJkaUCdQHge3AotfkHJoS_PfgL_dzsS284MrYT5_uhIbEQHiP76_ztBvsNDYu_yvlL9HU1698OcBLvuyNbdTSdPInDIxV-tyjPWZSQdhc3A8vvUM1PiIfAKvJNfGGxPNiwBPf3YvUGMqgtDtkHk0RqR4iRsY9UCIMRi-5H3iuBwjeYW0mM8LL5OV6DLDpl1iZMyV-i6tZ0Iu91ZmHtmUXF_kxGwk-g5stdnLqEaHyiqw6XEFxVH6bpaPLFRb5X7isCHuXlyfIwQbFpmAZ4X3ZvSS_2zcDIIRLyyPFqQYrT6wrXCBWbIdLsAIptgAHEd1YxMEd5q2QT4qitsoBN2gYCc9S1fsrn4B8DtKCraBcPmGHXhGwATdgord5wHgBAGSBQQIBBgBkgUECAUYBKAGLoAH79G7eqgHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAPIHBBD_wg7SCAkIgOGAcBABGB2ACgPICwHYEwyIFAM&sigh=5dYeDY9Y_r4&template_id=484&tpd=AGWhJmuIgviwR4vVR3fx_rVmzSdE618vi0kCL5zn-VtHXAtFYQ
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 30ms
18ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020072701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a8dc156b9152583959fa2ab53e1a41a7f6c22677b6e976a979d3bb8d14ca6d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5618
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 7A3F 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Origin: https://www.reuters.com

Response headers

date: Wed, 29 Jul 2020 22:18:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 156089
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Thu, 29 Jul 2021 22:18:12 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 7A3F 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Origin: https://www.reuters.com

Response headers

date: Fri, 24 Jul 2020 13:57:42 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 618119
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Sat, 24 Jul 2021 13:57:42 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/620/s1.adform.net/ Frame BAAE 33 KB
16 KB 58ms
19ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=37789883;click=https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstgdooE1hY8SHrKEQJmJyVF7yLMT9a0add4THGCVcVSk0lQzng1w8i314iez508zYMF9MdJbgWC4CKptROQxY0wU37coKzSF3a6Ij3Tq6a2zbqC0_sR05NRQ9w64W4tpIZZMcQg-dvROxEyeVVcOC7Wh1e8CN6LIsfmVXL2BHRV0mkVS79s3oYG4Us8RHAQgfVdtbXfwZLjsfrWp9IyP2cLu1hH3aU6eiT0SlevTD8ttVzqGr6XQ3Ir0rzBw1iE7VTw7h2SBSQ5-OWlX3A83lqAJR14gIx1XgVB-qOrvw5I&sai=AMfl-YQGA1pBHuVC0Rc1OFpDYMXIy8Yw6mLgS_c50-WHeGDbailLnB8-tyYRBe3V4cmB-pxn-ywbQvGiGXZEb5Wge-rLp3nMMO8R2g2IcUjV0Ezc0PSeI2RKg2-6wLjKT2A&sig=Cg0ArKJSzKenp5zct-GFEAE&urlfix=1&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bf6f96985d9f9ab3332721601ff06191bfb8630e60fcf414cdde0cdf4e5eb811

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Thu, 09 Jul 2020 14:30:32 GMT
server: nginx
status: 200
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 01 Aug 2020 20:50:59 GMT

GET
DATA 200
OK truncated
/ Frame F3BA 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25a35c5c6242feab4357be95cac4c82b0539d77838352294a35c9f125dcd94a4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 6545 46 KB
13 KB 117ms
58ms Script
application/javascript 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=904124793&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 814dbee21d8f470fd6b8dff0590988178cefdac9b8ac822e3113c6026329e4dd

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-server-name: app02.ie.303net.net
status: 200
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 n.js Show response
geo.moatads.com/ 125 B
300 B 112ms
32ms Script
text/html 52.215.228.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=4007238046&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbjBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=LB_1t)QCbR&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=REUTERSDFPCW3&hp=1&wf=1&vb=4&cm=12&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1596217181403&de=899246710647&m=0&ar=2bf682d4aa-clean&iw=4490aac&q=2&cb=0&ym=0&cu=1596217181403&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=20159232%3A453477432%3A4806613891%3A138288736159&zMoatTP=connatix&zMoatStory=0&zMoatAU=%2F4735792%2Fus.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&zMoatPixelDistance=20000&zMoatRawSlicer1=3735912&zMoatRawSlicer2=247866432&zMoatReutersSlicer1=3735912&zMoatReutersSlicer2=247866432&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&id=1&ii=4&bo=3735912&bd=247866432&zMoatOrigSlicer1=3735912&zMoatOrigSlicer2=247866432&dfp=0%2C1&la=247866432&gw=reutersdfpcw319687550988&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A22688%3A22688%3A23970%3A22811&fs=183324&na=990026904&cs=0&callback=DOMlessLLDcallback_32495218
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.228.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-228-190.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 4d463d1b11f7b6328209e348fc882b7d8103740a885e7d0618829be9ed251119

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
server: TornadoServer/4.5.3
etag: "1805e305f3059f892aa45c94dbb34e5b3785e779"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 125

GET
H2 200 n.js Show response
geo.moatads.com/ 126 B
300 B 111ms
32ms Script
text/html 52.215.228.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=4007238046&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbjBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=LB_1t)QCbR&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=REUTERSDFPCW3&hp=1&wf=1&vb=4&cm=12&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1596217181403&de=899246710647&m=0&ar=2bf682d4aa-clean&iw=4490aac&q=3&cb=0&ym=0&cu=1596217181403&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=20159232%3A453477432%3A4806613891%3A138288736159&zMoatTP=connatix&zMoatStory=0&zMoatAU=%2F4735792%2Fus.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&zMoatPixelDistance=20000&zMoatRawSlicer1=3735912&zMoatRawSlicer2=247866432&zMoatReutersSlicer1=3735912&zMoatReutersSlicer2=247866432&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&id=1&ii=4&bo=3735912&bd=247866432&zMoatOrigSlicer1=3735912&zMoatOrigSlicer2=247866432&dfp=0%2C1&la=247866432&gw=reutersdfpcw319687550988&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A22688%3A22688%3A23970%3A22811&fs=183324&na=273639399&cs=0&callback=MoatDataJsonpRequest_32495218
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.228.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-228-190.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 9759a41dfd0a9034edbb651001dbf2d7e550adc04c4a50e21721fe35de5aaf7d

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
server: TornadoServer/4.5.3
etag: "f31c42d956b01cedeb532975265eb11391518f67"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 126

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F3BA 0
54 B 43ms
42ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshpINEwrYAWkGPeKLkLCtD9T5qaBENxDEqUhAOuoIAbyopK5FFYfpduGL71yIOOi_Pzs5K53-iHkNK6N3Pz-s4yZPAM2XHfkIrB6XcW_M0ZWGU9hncjP-eaaWQ9Rz7IGLPeGk8taw51KWabWQkn3p9ur4o2z491Ab4-_1XSnjFW2gF5DGOiMfdRjlckc96O9P6jyzlrXNZMVpyOsnoGPO5dOWpSQPdamM9qbPZm3TsXglDk5xjSsT3qLcpIbn0-PnMjaa6G2xkQEs71J6gS4epkSSnVPVE306b_9oJgyiERA&sai=AMfl-YQyLAwG5rkACnfIqVLtkWZtJAGf86cfJD82cSLs8ngfGE2W1gdE6Y7LbTQh-Shm97RuKmf9Dn7-u1Th50lfaelzz2NRSpyM1wjrrwAXIGdHcKDwl2yMeJ0TsYehu4w&sig=Cg0ArKJSzMUuLKsp6xznEAE&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:41 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020072701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0C68
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
39ms

Image
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Fri, 31 Jul 2020 17:39:41 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/193088957431081628/ Frame 0C68 6 KB
6 KB 6ms
5ms Image
image/jpeg 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5f23f2b89e3c842dbd272809a6238637ec29e75c419a8f36a942186117ce228

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 24 Jul 2020 06:25:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Nov 2019 14:53:49 GMT
server: sffe
age: 645242
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6078
x-xss-protection: 0
expires: Sat, 24 Jul 2021 06:25:39 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12630945033984638994/ Frame 0C68 5 KB
5 KB 7ms
6ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e974f2b1cce6233e901eafb1aeff26b4c1eeae40da2076504561fd34925b61d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 23 Jul 2020 01:58:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 11:36:07 GMT
server: sffe
age: 747668
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5481
x-xss-protection: 0
expires: Fri, 23 Jul 2021 01:58:33 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0C68 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 23443
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 01 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0C68 295 B
352 B 7ms
7ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jul 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 72763
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 31 Jul 2020 21:26:58 GMT

GET
H2 200 / Show response
track.adform.net/wpf/v2/sla44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2ieQTNHkdn.MqgXK_Pmtd0SHp815LyjaY2.rINj.rINM6uJ6o6e0T.5yjaY1WMsiZRP... Frame BAAE 7 KB
3 KB 21ms
21ms Script
text/javascript 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/wpf/v2/sla44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2ieQTNHkdn.MqgXK_Pmtd0SHp815LyjaY2.rINj.rINM6uJ6o6e0T.5yjaY1WMsiZRPrwXC_JEkNgvlE4yy2XElgebiYMpztNKscKsoUs_43wuZPup_nH2t05oaYAhrcpMxE6DBUr5xj6Kkveara3g9Rk4xf7_OLgiPFMtrs1OeyjaY1vSiwqyJkRQOneNufuyPBDjaY2ftckuyPBB2SCX0iakJrN1Xm_u_I9etQVD_DJhCizgzH_y3EjNpmVWN9dPBSodjV.lV9dXJt8I_FeWrU9zIqUWAvqCSFQ_01kKJA237lY5BSmxGY5BNBtQT.clYIT3SvgMJgJ0Nc1lF4XVA4.L9.gJ.elF1VLf4.9dPgJ2MnGmRgJ2MnGmRgJ2hA1gJ.c4elF1rfs.90r/adfserve/?CC=1&bn=37789883;click=https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstgdooE1hY8SHrKEQJmJyVF7yLMT9a0add4THGCVcVSk0lQzng1w8i314iez508zYMF9MdJbgWC4CKptROQxY0wU37coKzSF3a6Ij3Tq6a2zbqC0_sR05NRQ9w64W4tpIZZMcQg-dvROxEyeVVcOC7Wh1e8CN6LIsfmVXL2BHRV0mkVS79s3oYG4Us8RHAQgfVdtbXfwZLjsfrWp9IyP2cLu1hH3aU6eiT0SlevTD8ttVzqGr6XQ3Ir0rzBw1iE7VTw7h2SBSQ5-OWlX3A83lqAJR14gIx1XgVB-qOrvw5I&sai=AMfl-YQGA1pBHuVC0Rc1OFpDYMXIy8Yw6mLgS_c50-WHeGDbailLnB8-tyYRBe3V4cmB-pxn-ywbQvGiGXZEb5Wge-rLp3nMMO8R2g2IcUjV0Ezc0PSeI2RKg2-6wLjKT2A&sig=Cg0ArKJSzKenp5zct-GFEAE&urlfix=1&adurl=;js=1;adfxid=1x;1977;set=en-US|en-US|1600X1200|0|950|250|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

52b219b3abc5ab92cca6ae15872231f3f6b5126ec25ffc0bd4c4acaaede95276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2733
expires: -1

GET
H2 200 connatix.player.css
cds.connatix.com/p/40500/ 49 KB
8 KB 6ms
6ms Stylesheet
text/css 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/40500/connatix.player.css
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ace51a72013536c8eaf6085895fa699f5d4a29a6a32587e39d709be1d5e28b2c

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
age: 26615
x-cache: HIT, HIT
status: 200
content-length: 8086
x-served-by: cache-dca17745-DCA, cache-hhn4069-HHN
access-control-allow-origin: *
last-modified: Fri, 31 Jul 2020 09:46:16 GMT
x-timer: S1596217182.620749,VS0,VE0
etag: "f4471203e2e8955c274b538ee32eb93c"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 3320

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 9545 0
0 6ms
6ms Document
text/html 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Fri, 31 Jul 2020 16:24:45 GMT
expires: Sat, 31 Jul 2021 16:24:45 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4496
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 main.gr.19.8.107.js Show response
static.adsafeprotected.com/ Frame 6545 171 KB
55 KB 25ms
7ms Script
application/javascript 2600:9000:21f3:f400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.107.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=904124793&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32c832ea0e82afa8eb7fc6fb1119ee315964d640d08aec4688eab269f6f94370

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 19:00:47 GMT
content-encoding: gzip
age: 81535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Thu, 30 Jul 2020 18:45:19 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: sforP0rYwErGrJS3DNjaRUwGQZpjbXHL
via: 1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: 0nr075ANmnh_xJebI_WX6oebds_J39SHQe4y8qBVof3pcBJHvmJZzQ==

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A3F 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 23443
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 01 Aug 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7A3F 295 B
352 B 6ms
6ms Image
image/png 2a00:1450:4001:819::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jul 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 72763
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 31 Jul 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame BAAE 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02ca2c5aeda3fb45325a6285b93849878382c7d4c6e957e7180e8a3b3d67aedd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 8988 46 KB
13 KB 36ms
36ms Script
application/javascript 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=970x250&pubId=4822186048&chanId=247866432&placementId=5400724061&pubCreative=138315302645&pubOrder=2708662048&cb=447709976&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=cfcea029-d354-11ea-8e39-02bf2b86cc68
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 90b1e886dcd3abe3c4222be615f3426df09091e1e49adfcc59b392f441ee67c0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-server-name: app19.ie.303net.net
status: 200
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BAAE 0
54 B 42ms
41ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDRRwwjw121Un9QjmhLLeNnkrm3ROTHmO6d7ZLeWWYQJlMy5vKP-DjOWgLGZ_I-yixaongw28oN4LQt4jXpd-B2xv_s0cea8s4lW5iOZtDbZtBNjdkhYFCNLBYF7ENR99qOz32rs0ph6NmWAMYE0jMgIPvwyjW6f87ErrVryQmtzXfrEW3zLxoyqbDGDz53yHCzuTZPNPjGrpils0JPaTAAOgTxgMTEC7FLaw-usfA5z1UqRjUULqdmCT5JWprUiEs48zlnhZnHCWFWWmGDBpcZzvnuN9EdQTJcTe3mf4HIq2QpXg&sai=AMfl-YSn6DXuAH7iN3eN7NkO-HSsbHXhyo2yHYM6Z5z12WRV4y-TmuZbDUinAi0XtmNik2rbTO8GXS3OSTyPGAdj_r6SfK90y3xsZ5YGnq4xuSb3QCz2T6w5_Tq4Zmr_yxU&sig=Cg0ArKJSzCzdOILsUl6lEAE&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 31 Jul 2020 17:39:41 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame BCB9 4 KB
2 KB 441ms
117ms XHR
multipart/form-data 18.191.59.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=40500
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.59.223 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-59-223.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: 4a4a6267d34a92d80c12f9bca35df89df88864d07d3894737d5042f1361ab81f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Fri, 31 Jul 2020 17:39:42 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1789

GET
H2 200 Standard Show response
s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.190/e/.wSBgiD/i/vCAv.IAAAAFAAA/r:AdConstructor:contents/HTML:types/ Frame BAAE 89 KB
38 KB 26ms
26ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.190/e/.wSBgiD/i/vCAv.IAAAAFAAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 31f14d476f00f561b40eaa467c71aeeb5fcdebd2b9f09128ae16b3f536b333b8

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Thu, 09 Jul 2020 14:30:32 GMT
server: nginx
status: 200
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 01 Aug 2020 21:20:38 GMT

GET
H2 200 main.gr.19.8.107.js Show response
static.adsafeprotected.com/ Frame 8988 171 KB
55 KB 7ms
6ms Script
application/javascript 2600:9000:21f3:f400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.107.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=970x250&pubId=4822186048&chanId=247866432&placementId=5400724061&pubCreative=138315302645&pubOrder=2708662048&cb=447709976&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=cfcea029-d354-11ea-8e39-02bf2b86cc68
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32c832ea0e82afa8eb7fc6fb1119ee315964d640d08aec4688eab269f6f94370

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 19:00:47 GMT
content-encoding: gzip
age: 81535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Thu, 30 Jul 2020 18:45:19 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: sforP0rYwErGrJS3DNjaRUwGQZpjbXHL
via: 1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: vECuvQISI5GB8ZJ31XLjP61AC4Nj2FXYc0dP9Tsgwi6ufzkiWOsZNA==

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 7D7D 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:21f3:f400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 02 May 2020 05:01:21 GMT
content-encoding: gzip
age: 7821503
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: 22ZIdcs1JMaOkPeNwXKGUgWiIS8zYIUGvkwrXSK0mXGVAk8YIevs1w==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
215 B 33ms
32ms Image
image/gif 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=904124793&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=&adsafe_url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&adsafe_type=abdfq&adsafe_jsinfo=,id:2c8251f9-332a-fcae-f5f7-98e5e2c14ca5,c:k49jsR,sl:outOfView,em:true,fr:true,mn:app02ie,pt:1-5-15,wc:0.0.1600.1200,ac:258.3769.1100.420,am:i,cc:258.3769.1100.420,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:s6leCFL+11|12|13|14|15|16|17|18|19|1a|1b1|1c*.10764|1c1|1c2|1d|1e|1f,idMap:1c*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:109,oid:d05d9a0a-d354-11ea-9c0c-02c790015d1e,v:19.8.107,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 46ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=2c8251f9-332a-fcae-f5f7-98e5e2c14ca5&tv={c:k49jsT,pingTime:-8,time:110,type:l,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:110,n:0,pp:0,pm:0},slEvents:[{sl:o,t:107,wc:0.0.1600.1200,ac:258.3769.1100.420,am:i,cc:258.3769.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[19~0],as:[19~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s6leCFL+11|12|13|14|15|16|17|18|19|1a|1b1|1c*.10764|1c1|1c2|1d|1e|1f,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt86ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 37ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=2c8251f9-332a-fcae-f5f7-98e5e2c14ca5&tv={c:k49jtr,pingTime:-2,time:144,type:a,im:{pBlk:125,sf:0,pom:1,prf:{beA:257,beZ:259,mfA:344,cmA:345,inA:345,inZ:351,prA:351,prZ:357,si:366,poA:368,bl:382,poZ:382,cmZ:382,mfZ:382,loA:388,loZ:391,ltA:401,ltZ:401}},sca:{dfp:{df:4,sz:1100.420,dom:div}},env:{cca:true,gca:true,gca2:false},clog:[{piv:0,vs:o,r:l,w:1100,h:420,t:107}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:144,n:0,pp:0,pm:0},slEvents:[{sl:o,t:107,wc:0.0.1600.1200,ac:258.3769.1100.420,am:i,cc:258.3769.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[53~0],as:[53~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s6leCFL+11|12|13|14|15|16|17|18|19|1a|1b1|1c*.10764|1c1|1c2|1d|1e|1f,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn,slid:[google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_2,google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_2__container__,dpslot_connatix_12720239_USKCN24W25W,USKCN24W25W],sinceFw:33,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

POST
H2 200 /
track.adform.net/csimpr/ Frame BAAE 35 B
469 B 19ms
19ms Other
image/gif 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=37789883&csi=O8yyyLt5ggugtcR6eZXEult3_qU8t94U2xZr5pHTNuhrFqB9PFft3HdaD3WAr8q8gQmdzSS4I_P7-nPJcRgxzSiGY4Q6ynE4B7ivIGwEB29PcdjMJEBJMA2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
server: nginx
status: 200
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
211 B 39ms
39ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020072701&jk=1626933070516592&bg=!GxilGABYlOeTD3z-HFQCAAAARFIAAAANCgAEUfs1BpkBhsea6yU3CHUrOB5wdigZXRawG0T4YbH02j5sX2ipNd_9JcW0zgGj8QgBPv2Jq0N3GTqDSqf-fojK_jItABdsI-BLL5kXglNfNrzsL54WbdB2oelK9GtGxag-3nPivAHEAMGeN80CEhLbbzE-iyDXl717nH_cMjyhk-6yLlGaFygqd9nsdIduD7Jk93DCaHd1ZnmpqdK9FfmYQmVGKW07LsBaJ8omcShmlLzpr1Q32QktSSaO5a4pdcUoqK3dRJcM0NJsfZ6eXFWL44OgWmocWjjGNWhJednDgtpqP-lL4Z9wZ8ycsl-6dye36B3icisRp9PrrqnoyUfs8Rktb4t7xTiEUE-T-Z51ZcaEi03wbB6xu0xv4mDGhI9qpyhOHqMhwloIRD7gbtJIncH8YPCqdUiRgRy6xjyhccpKQCVVxzPZMgbfuOLxmXQcOrUCZti-pKqSZGhp26Bhs1ndZrwTsCSJbsR5ZZgRXFi1dVP8k4B_ZZdupok7aIt8IyiV6PbAXJha9AMxHw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 37DA 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:21f3:f400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:f400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 02 May 2020 05:01:21 GMT
content-encoding: gzip
age: 7821503
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: rphEDUBz0tqRAoIH2T0IOBRfU-R0wVJUvKqBL2bEKwIIwKJlwo9hjg==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 32ms
32ms Image
image/gif 34.240.178.152
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10764&campId=970x250&pubId=4822186048&chanId=247866432&placementId=5400724061&pubCreative=138315302645&pubOrder=2708662048&cb=447709976&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=cfcea029-d354-11ea-8e39-02bf2b86cc68&adsafe_url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&adsafe_type=abdfq&adsafe_jsinfo=,id:26b9a7a7-a417-ba84-4439-2dfb2449fa01,c:k49ju5,sl:inView,em:true,fr:true,mn:app19ie,pt:1-5-15,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:115,oid:d08063cd-d354-11ea-8c75-068792706006,v:19.8.107,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.178.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-178-152.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:41 GMT
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49ju6,pingTime:-8,time:116,type:l,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:116,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[8~100],as:[8~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 8259383.js Show response
s1.adform.net/Banners/Elements/Files/6268/8259383/ Frame D5A0 3 KB
2 KB 18ms
17ms Script
application/x-javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/8259383.js?ADFassetID=8259383&bv=513

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1fb1163d28187416e25e2045924072c9b884118c56dcfc91188e032e5b506669

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Tue, 23 Jun 2020 11:57:41 GMT
server: nginx
status: 200
etag: W/"5ef1ee35-cb1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 14ms
14ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49juo,pingTime:0,time:134,type:pf,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:134,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[27~100],as:[27~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49juy,pingTime:-2,time:144,type:a,im:{sf:0,pom:1,prf:{beA:41,beZ:43,mfA:148,cmA:149,inA:149,inZ:150,prA:150,prZ:154,si:157,poA:158,poZ:162,cmZ:162,mfZ:162,loA:177,loZ:179,ltA:185,ltZ:185}},sca:{dfp:{df:4,sz:970.250,dom:body}},env:{cca:true,gca:true,gca2:false},clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:144,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[36~100],as:[36~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,slid:[google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_1,google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_1__container__,canvas_leaderboard_2727214134848492_USKCN24W25W],sinceFw:28,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt86ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame D5A0 30 KB
13 KB 22ms
21ms Script
application/x-javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=620
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.190/e/.wSBgiD/i/vCAv.IAAAAFAAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 09367caa70514803713fced8ee4ac247e1fbefe5fb13502fb24f20b46804d826

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Mon, 18 May 2020 16:13:35 GMT
server: nginx
etag: W/"5ec2b42f-7875"
x-cache-status: HIT
status: 200
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D5A0 186 KB
48 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.190/e/.wSBgiD/i/vCAv.IAAAAFAAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Jul 2020 17:39:41 GMT

GET
H2 200 vF970x250_JB_SmartAdvertising_Financial_en.js Show response
s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/ Frame D5A0 45 KB
30 KB 24ms
23ms Script
application/x-javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/vF970x250_JB_SmartAdvertising_Financial_en.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.190/e/.wSBgiD/i/vCAv.IAAAAFAAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

092cb38034e7ba42e8fd1f025a262c74010ee844fc181a13c61ac41787a68756

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:41 GMT
content-encoding: gzip
last-modified: Tue, 23 Jun 2020 11:57:41 GMT
server: nginx
status: 200
etag: W/"5ef1ee35-b389"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 12ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=2c8251f9-332a-fcae-f5f7-98e5e2c14ca5&tv={c:k49jvf,time:256,type:e,im:{pWait:7},env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:256,n:0,pp:0,pm:0},slEvents:[{sl:o,t:107,wc:0.0.1600.1200,ac:258.3769.1100.420,am:i,cc:258.3769.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[165~0],as:[165~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:66,fm:s6leCFL+11|12|13|14|15|16|17|18|19|1a|1b.10764|1b1|1c*.10764|1c1|1c2|1d|1e|1f,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt86ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 12ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49jvk,time:192,type:e,env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:192,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[84~100],as:[84~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:17,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:41 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 chatbox1.png
s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/ Frame D5A0 35 KB
35 KB 19ms
19ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/chatbox1.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cf2306b9feb8c0a2d21afe0d307b1066d3ee5eced9f7f1c23bf84811d8c8ad75

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Tue, 23 Jun 2020 11:57:40 GMT
server: nginx
status: 200
etag: "5ef1ee34-8b06"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 35590

GET
DATA 200
OK truncated
/ Frame D5A0 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D5A0 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

206
Partial Content

vF970x250_Financial.mp4
pipe03.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/ Frame D5A0
Redirect Chain

https://balancer.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/vF970x250_Financial.mp4
https://pipe03.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/vF970x250_Financial.mp4

944 KB
944 KB

65ms
21ms

Media
video/mp4

46.231.207.181
ASN-METANET Routi...

General

Check archive.org

Show headers Download Go to

Full URL: https://pipe03.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/vF970x250_Financial.mp4
Requested by: Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.231.207.181 Bellach, Switzerland, ASN21069 (ASN-METANET Routing/peering issues: noc@metanet.ch, CH),
Reverse DNS: rc17w3108.dnh.net
Software: nginx / PleskLin
Resource Hash: f2a4b8eca1da948f9dc47eb9a7eddb441d0c926be47d6dd055bfd43f281c7ed2

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 31 Jul 2020 17:40:14 GMT
Last-Modified: Fri, 03 Jul 2020 08:52:10 GMT
Server: nginx
Access-Control-Allow-Origin: *
X-Powered-By: PleskLin
ETag: "5efef1ba-ebf0d"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: video/mp4
Content-Range: bytes 0-966412/966413
Access-Control-Expose-Headers: Content-Length
Connection: keep-alive
Access-Control-Allow-Headers: Range
Content-Length: 966413

Redirect headers

date: Fri, 31 Jul 2020 17:39:42 GMT
server: nginx
status: 301
x-powered-by: PleskLin
location: https://pipe03.sitebarad.com/riverhost/Julius%20Baer/0042%20Smart%20Advertising/04_Video_Low_1x/vF970x250_JB_SmartAdvertising_Financial_en/vF970x250_Financial.mp4
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html; charset=iso-8859-1
access-control-allow-origin: *
access-control-expose-headers: Content-Length
access-control-allow-headers: Range
content-length: 370

GET
H2 200 chatbox2.png
s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/ Frame D5A0 8 KB
8 KB 19ms
19ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/chatbox2.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ae0a54c57bc625c5af8742f7655f75bc94b148ed3cc638507dff2176f2c8dce8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Tue, 23 Jun 2020 11:57:40 GMT
server: nginx
status: 200
etag: "5ef1ee34-2039"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 8249

GET
H2 200 chatbox3.png
s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/ Frame D5A0 28 KB
28 KB 19ms
19ms Image
image/png 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/chatbox3.png

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c118b64bbb3ed166f68f2f5c02469cd1373f6abff79ab495b1f33726a972f53d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Tue, 23 Jun 2020 11:57:40 GMT
server: nginx
status: 200
etag: "5ef1ee34-6f06"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 28422

GET
H2 200 profil1.jpg
s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/ Frame D5A0 3 KB
3 KB 23ms
23ms Image
image/jpeg 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/profil1.jpg

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f46352b7163b3636d127be739e4adca5bba29cb87247098ec04bde2dc5575702

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Tue, 23 Jun 2020 11:57:40 GMT
server: nginx
status: 200
etag: "5ef1ee34-a73"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 2675

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
13ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=2c8251f9-332a-fcae-f5f7-98e5e2c14ca5&tv={c:k49jyI,pingTime:-10,time:471,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220202020222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDE2fHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1596217182123||112e523fe8825ab75cb24513d2c31922||71ff54ebddb1e090fbf173d96e2342c8||da8ecadb24e67f8f25840a6f295c3630||68a13cf09a7206705d1b33da58584d56||39ce0c8c45e796583b489d7803d5ce09||563ba44adee7217a95a42ed3bd8f2b40||6d13cfdeeef457c56b25d077f04abd1e||1576000828}
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 profil2.jpg
s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/ Frame D5A0 2 KB
3 KB 21ms
21ms Image
image/jpeg 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/6268/8259383/bvpath_513/profil2.jpg

Requested by

Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

67238e3d12ebbeeea890e4e9a67611b31bb21d2a0d22e7179876ffb06a6a8719

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Tue, 23 Jun 2020 11:57:40 GMT
server: nginx
status: 200
etag: "5ef1ee34-9e3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 2531

GET
H2 200 connatix.player.css
cds.connatix.com/p/40500/ Frame F3BA 49 KB
8 KB 6ms
5ms Stylesheet
text/css 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/40500/connatix.player.css
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ace51a72013536c8eaf6085895fa699f5d4a29a6a32587e39d709be1d5e28b2c

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
content-encoding: gzip
age: 26616
x-cache: HIT, HIT
status: 200
content-length: 8086
x-served-by: cache-dca17745-DCA, cache-hhn4069-HHN
access-control-allow-origin: *
last-modified: Fri, 31 Jul 2020 09:46:16 GMT
x-timer: S1596217182.153660,VS0,VE0
etag: "f4471203e2e8955c274b538ee32eb93c"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 3321

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 28ms
9ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=139&fi=1&apd=278&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=4822186048&L2id=2708662048&L3id=5400724061&L4id=138315302645&S1id=3735912&S2id=247866432&ord=1596217181685&r=867960484200&t=meas&bedc=1&q=1&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 26ms
7ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=139&fi=1&apd=278&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=4822186048&L2id=2708662048&L3id=5400724061&L4id=138315302645&S1id=3735912&S2id=247866432&ord=1596217181685&r=867960484200&t=fv&bedc=1&q=2&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 26ms
8ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=139&fi=1&apd=278&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=4822186048&L2id=2708662048&L3id=5400724061&L4id=138315302645&S1id=3735912&S2id=247866432&ord=1596217181685&r=867960484200&t=nht&bedc=1&q=3&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 20ms
6ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=155&fi=1&apd=294&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=4822186048&L2id=2708662048&L3id=5400724061&L4id=138315302645&S1id=3735912&S2id=247866432&ord=1596217181685&r=867960484200&t=hdn&bedc=1&q=4&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame BCB9 0
324 B 425ms
107ms XHR
multipart/form-data 18.191.59.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=40500
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.59.223 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-59-223.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Fri, 31 Jul 2020 17:39:42 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 2_media.bin Show response
vid.connatix.com/fe48cbd4-cfa7-4d2a-8271-695827b127eb/ Frame BCB9 632 B
724 B 26ms
7ms XHR
application/octet-stream 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/fe48cbd4-cfa7-4d2a-8271-695827b127eb/2_media.bin
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 61c1143652fb713573bdb6c9482b2c7e0ef207b4d4ed8d2a38f8a7a711db2cf6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
content-encoding: gzip
age: 23873
x-cache: HIT, HIT
status: 200
content-length: 459
x-served-by: cache-bwi5129-BWI, cache-hhn4031-HHN
last-modified: Fri, 31 Jul 2020 10:26:27 GMT
x-timer: S1596217182.475621,VS0,VE0
etag: "736fe17aede3074da23d3f7f17c5ba34"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 19, 40

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame BCB9 0
324 B 425ms
108ms XHR
multipart/form-data 18.191.59.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=40500
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.59.223 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-59-223.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Fri, 31 Jul 2020 17:39:42 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame BCB9 0
324 B 424ms
107ms XHR
multipart/form-data 18.191.59.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=40500
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.59.223 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-59-223.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Fri, 31 Jul 2020 17:39:42 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/fe48cbd4-cfa7-4d2a-8271-695827b127eb/ Frame F3BA 10 KB
10 KB 8ms
7ms Image
image/webp 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/fe48cbd4-cfa7-4d2a-8271-695827b127eb/1_th.jpg?crop=755:425,smart&width=755&height=425&format=jpeg&quality=60&fit=crop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b0584baa8764e124251eaf889ffccf8653b3f5742f209d5067622f807cd8ccc1

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:42 GMT
via: 1.1 varnish, 1.1 varnish
age: 23873
x-cache: HIT, HIT
fastly-io-info: ifsz=77605 idim=2562x1440 ifmt=jpeg ofsz=10228 odim=755x425 ofmt=webp
status: 200
fastly-stats: io=1
content-encoding: gzip
content-length: 10251
x-served-by: cache-dca17778-DCA, cache-hhn4069-HHN
x-timer: S1596217183.500272,VS0,VE0
etag: "jOBjftcRNbjN7114sMJCC1yZ+arIvgpsvrk3HQMsoAU"
vary: Accept
x-amz-request-id: E5D80F201B4705CA
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
content-type: image/webp
x-cache-hits: 1, 2

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame BCB9 31 KB
5 KB 685ms
373ms XHR
multipart/form-data 18.191.59.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=40500
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.59.223 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-59-223.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: bde6c9444ff7f92f2091cef4abe4f2f05ec0abfdb2dd54b532ac30f3e0d1bd5b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Fri, 31 Jul 2020 17:39:43 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 7ms
6ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=156&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1596217181403&r=899246710647&t=meas&bedc=1&q=1&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 7ms
7ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=156&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1596217181403&r=899246710647&t=nht&bedc=1&q=2&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 6ms
6ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=200&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1596217181403&r=899246710647&t=hdn&bedc=1&q=3&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0C68 42 B
112 B 40ms
40ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuh85I8VLEF1r8AvXiUtqkE4NFBth80hhPy2pgoV9LalQV7hVo_kTAW5GB3o8SQWd5W3twMq84_mc1aXKJ1F_fwNHdCvJsFDwhLLUPJ5AmYChsnUvfSztgalp7eIA&sai=AMfl-YRS8CW0Bba7muxXdj90mKkMZ0HRlcYzvNKuLchnSAt4F3Y0X9kqCTpMWePOXmyZfzxb8e08GJkfSgNLRJagvCQ4aU9E-0wwR0fOuY4PzxgtKIR0auMuJmE-g3eVPrE&sig=Cg0ArKJSzHnSoy1qkRr5EAE&cid=CAASPeRoc6Vxag9KnEfAQ66g-WJ40gBEiMHh42T3ozbTdwcyZ1xoWRplO0Uqo03DTbkfuqulk3gghrzQB9DCoUM&id=ampim&o=1140,686&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1007&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&tfs=378&tls=1385&g=100&h=100&tt=1386&r=v&avms=ampa&adk=2961757527

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BAAE 42 B
107 B 39ms
39ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvEgqApHetVEdkV4ykD1beBsLSkGosytQ3xAtfn1Y_cKHbV_dOl85YM2-lvcYuHWk2fu8W4FIt2AzpRiYvTvZHRg9t-aBcRkqOhhW78zk0&sig=Cg0ArKJSzFYiuupxlOnaEAE&adk=284456772&tt=-1&bs=1600%2C1200&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&p=92,315,342,1285&mcvt=1008&rs=0&ht=0&tfs=18&tls=1026&mc=1&lte=1&bas=0&bac=0&met=mue&la=1&avms=nio&exg=1&md=2&btr=0&cpmav=0&lm=2&rst=1596217181162&dlt&rpt=535&isd=0&msd=0&ext&xdi=0&ps=1600%2C8037&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-9-3-8-8-0-0-0&tvt=1024&is=970%2C250&iframe_loc=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&r=v&id=osdim&vs=4&uc=9&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200729

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 14ms
13ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49jKy,pingTime:1,time:1136,type:p,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1136,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1028~100],as:[1028~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:120,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49jKy,pingTime:1,time:1136,type:pf,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1136,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1029~100],as:[1029~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:120,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
X-Server-Name: dt86ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 27ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49jKz,pingTime:1,time:1137,type:c,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1137,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1029~100],as:[1029~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:120,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
X-Server-Name: dt86ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 27ms
13ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49jKz,pingTime:1,time:1137,type:c,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1137,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1029~100],as:[1029~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:120,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:grpm1,cmr:t}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49jLD,pingTime:-10,time:1203,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220202020222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDE2fHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1596217182123||112e523fe8825ab75cb24513d2c31922||71ff54ebddb1e090fbf173d96e2342c8||da8ecadb24e67f8f25840a6f295c3630||68a13cf09a7206705d1b33da58584d56||39ce0c8c45e796583b489d7803d5ce09||563ba44adee7217a95a42ed3bd8f2b40||6d13cfdeeef457c56b25d077f04abd1e||1576000828,sca:{spg:2c8251f9-332a-fcae-f5f7-98e5e2c14ca5}}
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
www.reuters.com/article/us-cyber-cwt-ransom/ Frame F3BA 64 KB
64 KB 12ms
11ms Image
text/html 143.204.201.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:34:57 GMT
content-encoding: gzip
age: 507
x-cache: Hit from cloudfront
status: 200
last-updateda: Fri, 31 Jul 2020 15:03:18 GMT
channel-name: RCOMUS_Cyberrisk
access-control-allow-origin: http://admin.reuters.com
server: nginx
vary: Accept-Encoding
content-type: text/html;charset=UTF-8
via: 1.1 48391c4ed2c51e95dcabcb70cf613127.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
access-control-allow-headers: Access-Control-Allow-Origin,charset
x-amz-cf-id: gKkW8_FafO2A2s7VrsTj15aCxJD2_7zJrRPS6dIdGFFfpK-CDp0e4g==
expires: Fri, 31 Jul 2020 17:31:11 GMT

GET
H/1.1 206
Partial Content ob4fitpf368ffec7169c47ed8c89724bbec58c8e.mp4
v.adsrvr.org/66fdp7h/w1twugj/ Frame F3BA 33 MB
0 28ms
7ms Media
video/mp4 13.35.255.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://v.adsrvr.org/66fdp7h/w1twugj/ob4fitpf368ffec7169c47ed8c89724bbec58c8e.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.255.55 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 31 Jul 2020 08:26:58 GMT
Via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
Last-Modified: Tue, 21 Jul 2020 14:18:07 GMT
Server: AmazonS3
Age: 33166
ETag: "351c8ff66e1c7daedafffa5f53934c73"
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-37957296/37957297
Connection: keep-alive
X-Amz-Cf-Pop: FRA6-C1
Accept-Ranges: bytes
Content-Length: 37957297
X-Amz-Cf-Id: HxBOW436Z-oz_GRV2YfjbyB_HrkHY4vI95gORFQCBGaGxAo8i3JAKA==

POST
H/1.1 200
OK ai Show response
capi.connatix.com/tr/ Frame BCB9 0
324 B 108ms
108ms XHR
multipart/form-data 18.191.59.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ai?v=40500
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/40500/connatix.player.dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.59.223 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-59-223.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Fri, 31 Jul 2020 17:39:43 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://www.reuters.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 /
insight.adsrvr.org/enduser/video/ Frame F3BA 0
100 B 94ms
31ms Image
text/plain 52.30.152.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/enduser/video/?ve=creativeView&imp=78c79446-d76a-4753-a572-04436ab4267c&ag=3l900fy&crid=ob4fitpf&cf=1560624&fq=0&td_s=www.reuters.com&rcats=jba&mcat=&mste=&mfld=3&mssi=None&mfsi=5khgj5tqwf&sv=rubicon&uhow=139&agsa=&wp=0A055264465133F4&rgco=Germany&rgre=&rgme=&rgci=&rgz=&dt=PC&osf=OSX&os=Other&br=Chrome&svpid=19564&rlangs=en&mlang=&did=&rcxt=Other&tmpc=&vrtd=&osi=&osv=&daid=&dnr=0&vpb=PreRoll&c=MAQ4AkgAUAE.&dur=CjsKImNoYXJnZS1hbGxJbnRlZ3JhbFZpZGVvQnJhbmRTYWZldHkiFQjm__________8BEghpbnRlZ3JhbApCCiljaGFyZ2UtYWxsSW50ZWdyYWxWaWRlb1N1c3BpY2lvdXNBY3Rpdml0eSIVCOX__________wESCGludGVncmFs&crrelr=&npt=&svscid=xapi%3A227242%3AM-3X8aJOI6Fg&mk=Apple&mdl=Chrome%20-%20OS%20X&ipl=1120088&fpa=932&pcm=3&ict=Unknown&said=d098208192938ebdbe9c87757656b045bbc8f77a&auct=1&grdc=CAE.&sfe=115bd75e&vp=0&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.152.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-152-201.eu-west-1.compute.amazonaws.com
Software: / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:43 GMT
cache-control: private
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET

GET
H/1.1 200
OK 70bbe1a9-84b6-40ec-87d3-5c4a42428435
beacon-nf.rubiconproject.com/beacon/v/ Frame F3BA 43 B
268 B 76ms
6ms Image
image/webp 69.173.144.158
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-nf.rubiconproject.com/beacon/v/70bbe1a9-84b6-40ec-87d3-5c4a42428435?oo=0&accountId=19564&siteId=227242&zoneId=1120088&sizeId=201&e=498E45A22EEBCA46C17A0564920E8B0CD1CAC868DFDC9D7899C98A41782C058507348C30BEB2DE371BC17DDC523584886E433112A311BC786C884174E37A592FF143CBA9DB8EE1437AD983859DFDB27BA5DA1292B1F19E85626FFCF3313C019DDEAD90A3B2D60B9AAB425D54636EEF9CC3B047D646128CD523B6B8E2B9ECFCE16B6D5B9B2F049D05EF9A3D1C1DD19F803620B9BF95C45590D9C3F361B780E95A35C928E27FCE2C0A7EA0337ABC5A25EB182E990671059A9B87FE7340015C0C6D0C7CA7D5DFC634462F5C982A237296540BA516F470CDEE5ABD9411EA6972886EE2F89768D1603D12950201BEDF901479B80A1B0AD32928EC&
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.158 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.68 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-68.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:34:57 GMT
content-encoding: gzip
age: 507
x-cache: Hit from cloudfront
status: 200
last-updateda: Fri, 31 Jul 2020 15:03:18 GMT
channel-name: RCOMUS_Cyberrisk
access-control-allow-origin: http://admin.reuters.com
server: nginx
vary: Accept-Encoding
content-type: text/html;charset=UTF-8
via: 1.1 48391c4ed2c51e95dcabcb70cf613127.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
access-control-allow-headers: Access-Control-Allow-Origin,charset
x-amz-cf-id: uY0InURzVuqHWCcBDrd_DGS85LEnHQDJ4CD350yQA8yBzHaq3E8fpQ==
expires: Fri, 31 Jul 2020 17:31:11 GMT

GET
H2 200 rubicon
use-tor.adsrvr.org/bid/feedback/ Frame F3BA 807 B
971 B 301ms
96ms Image
image/gif 209.15.45.172
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://use-tor.adsrvr.org/bid/feedback/rubicon?iid=78c79446-d76a-4753-a572-04436ab4267c&crid=ob4fitpf&wp=0A055264465133F4&aid=1&wpc=USD&sfe=115bd75e&puid=&tdid=00000000-0000-0000-0000-000000000000&pid=66fdp7h&ag=3l900fy&adv=w1twugj&sig=1jf-lEAhnaTbxfmrM-es3AQ7dV0i8HB0nnABl8oF3WsY.&bp=0.9638952730719089736&cf=1560624&fq=0&td_s=www.reuters.com&rcats=jba&mcat=&mste=&mfld=3&mssi=None&mfsi=5khgj5tqwf&uhow=139&agsa=&rgco=Germany&rgre=&rgme=&rgci=&rgz=&svbttd=1&dt=PC&osf=OSX&os=Other&br=Chrome&rlangs=en&mlang=&svpid=19564&did=&rcxt=Other&lat=0.890000&lon=0.160000&tmpc=&daid=&vp=0&osi=&osv=&bffi=41&mk=Apple&mdl=Chrome%20-%20OS%20X&vpb=PreRoll&c=MAQ4AkgAUAE.&dur=CjsKImNoYXJnZS1hbGxJbnRlZ3JhbFZpZGVvQnJhbmRTYWZldHkiFQjm__________8BEghpbnRlZ3JhbApCCiljaGFyZ2UtYWxsSW50ZWdyYWxWaWRlb1N1c3BpY2lvdXNBY3Rpdml0eSIVCOX__________wESCGludGVncmFs&crrelr=&ipl=1120088&fpa=932&pcm=3&grdc=CAE.&said=d098208192938ebdbe9c87757656b045bbc8f77a&ict=Unknown&auct=1&im=1&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.15.45.172 Jacksonville, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:42 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
content-length: 807
expires: -1

GET
H2

200

view_pixel_1x1.gif
secureir.ebaystatic.com/cr/mscdn/3af5e94569654ff63901ea26ef9bbabb/ Frame F3BA
Redirect Chain

https://rover.ebay.com/ar/1/707-159525-476830-2/4?mpt=610055&ff18=mWeb&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=536036&
https://secureir.ebaystatic.com/cr/mscdn/3af5e94569654ff63901ea26ef9bbabb/view_pixel_1x1.gif

43 B
454 B

32ms
6ms

Image
image/gif

2.18.234.107
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secureir.ebaystatic.com/cr/mscdn/3af5e94569654ff63901ea26ef9bbabb/view_pixel_1x1.gif

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.234.107 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-234-107.deploy.static.akamaitechnologies.com

Software

ebay server /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

suppress-x-frame-options: true
content-encoding: gzip
x-content-type-options: nosniff
x-cache-lookup: MISS from lvsincludecache-2522849:80
status: 200
content-length: 57
x-xss-protection: 1; mode=block
server: ebay server
date: Fri, 31 Jul 2020 17:39:43 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9iptq%60uebwh*7554374-1738f54ad46-0xd5
access-control-allow-headers: *
expires: Sat, 31 Jul 2021 17:39:43 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
Server: ebay server
Strict-Transport-Security: max-age=31536000
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
location: https://secureir.ebaystatic.com/cr/mscdn/3af5e94569654ff63901ea26ef9bbabb/view_pixel_1x1.gif
X-EBAY-C-REQUEST-ID: ri=41KJWgdzqVp%2F,rci=8e60e35e0433ec8a
Cache-Control: private,no-cache,no-store
RlogId: t6qjpbq%3F%3Cumjthu%60t*6o2ks%28rbpv6713-173a5f54e5c-0x10f
Content-Type: image/gif
Content-Length: 0

GET
H/1.1 200
OK adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame F3BA 35 B
2 KB 55ms
32ms Image
image/gif 2a02:26f0:6c00:298::1ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=7421931&rnd=%%TTD_Cachbuster%%&gdpr=&gdpr_consent=&redir=https://secure.insightexpressai.com/adserver/1pixel.gif&

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:298::1ec4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Resource Hash

22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Vary: Accept-Encoding
P3P: CP="NOI DSP COR NID CUR ADMa OUR STP STA"
Connection: keep-alive
Content-Length: 35
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: unsafe-url
X-Frame-Options: ALLOWALL
Date: Fri, 31 Jul 2020 17:39:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Cache-Control: max-age=0, no-cache
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
X-Content-Type-Options: nosniff
Expires: Fri, 31 Jul 2020 17:39:43 GMT

GET
H/1.1 200
OK 70bbe1a9-84b6-40ec-87d3-5c4a42428435
beacon-us-iad2.rubiconproject.com/beacon/v/ Frame F3BA 43 B
268 B 431ms
92ms Image
image/webp 8.43.72.44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-us-iad2.rubiconproject.com/beacon/v/70bbe1a9-84b6-40ec-87d3-5c4a42428435?oo=0&accountId=19564&siteId=227242&zoneId=1120088&sizeId=201&e=CBADCB97774921C6BFAE5D6EE9B2B6E200BC318EE4D121A8F45BB90FDBBEE768285F93EC3F4031F80DE5F5D2D8B7217038036B02CFE0C42AD147F03C3FBF9C8C7FADBCC72460489B4070ED26E1C8A1958E223D055D8B8D4951E91FF50F2E2302F7C80029AAF2EEC8B108886608120FF4E98E079D1CD2B8CD1F58F17E7C6B6D7BD9E305E148E9129AAEDBFE56A66D522893DD1BD35A74599D5E5602F50F5C1D330013C1BFF8186EEF601991A1DCFA443EEEA72C650572867993DA950634142F67FDC7548137E43A743AB6E0028641C0200576D61B920A56FC1555F0289019E9F018FF88C7FA4E98C9A16C060897D6DA2DFB3D0FB62BF2D568&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.43.72.44 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:43 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F3BA
Redirect Chain

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=rubicon&google_cm&google_sc&
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESECqIS4ytsqf9mdd9qopnNAM&google_cver=1

0
239 B

41ms
9ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESECqIS4ytsqf9mdd9qopnNAM&google_cver=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:43 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=1&put=CAESECqIS4ytsqf9mdd9qopnNAM&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F3BA
Redirect Chain

https://rtd.tubemogul.com/upi/pid/btu4jd3a?gdpr=1&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&
https://rtd-tm.everesttech.net/upi/pid/btu4jd3a?gdpr=1&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&
https://rtd-tm.everesttech.net/ct/upi/pid/btu4jd3a?gdpr=1&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&&_test=XyRXXwAAAEBDTg9x
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=XyRXXwAAAEBDTg9x

0
239 B

8ms
8ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=XyRXXwAAAEBDTg9x
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:43 GMT
via: 1.1 varnish
server: Jetty(9.3.8.v20160314)
x-timer: S1596217184.566379,VS0,VE181
status: 302
x-served-by: cache-fra19161-FRA
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=XyRXXwAAAEBDTg9x
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F3BA
Redirect Chain

https://sync.tidaltv.com/GenericUserSync.ashx?gdpr=1&dpid=695&
https://sync.tidaltv.com/genericusersync.ashx?gdpr=1&dpid=695&&s_h=1
https://pixel.rubiconproject.com/tap.php?v=7206&nid=1197&put=fc51c1be-6f14-4013-9d20-a31667337560&expires=30&gdpr=1&gdpr_consent=

0
239 B

21ms
20ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7206&nid=1197&put=fc51c1be-6f14-4013-9d20-a31667337560&expires=30&gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:43 GMT
Server: Apache-Coyote/1.1
Location: https://pixel.rubiconproject.com/tap.php?v=7206&nid=1197&put=fc51c1be-6f14-4013-9d20-a31667337560&expires=30&gdpr=1&gdpr_consent=
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F3BA
Redirect Chain

https://sync.mathtag.com/sync/img?gdpr=1&mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=eccc5f24-575f-4300-a3e5-939a4b9321fd

0
239 B

16ms
16ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=eccc5f24-575f-4300-a3e5-939a4b9321fd
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

Redirect headers

Date: Fri, 31 Jul 2020 17:39:43 GMT
Server: MT3 2697 5f18361 master cdg-pixel-x9
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=eccc5f24-575f-4300-a3e5-939a4b9321fd
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 31 Jul 2020 17:39:42 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F3BA
Redirect Chain

https://i.w55c.net/ping_match.gif?gdpr=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30&
https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=tN5NuuG61K1z0r5&expires=30&

0
239 B

16ms
12ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=tN5NuuG61K1z0r5&expires=30&
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
Server: PixelTracking/v2.0.30-552-ga3432b8#rel-ec2-master i-004494b98e5a5193b@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=tN5NuuG61K1z0r5&expires=30&
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content register
token.rubiconproject.com/ Frame F3BA 0
214 B 61ms
26ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/register?khaos=KDAIHWVQ-F-G6UN&
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 1_th.jpg
img.connatix.com/fe48cbd4-cfa7-4d2a-8271-695827b127eb/ Frame F3BA 10 KB
10 KB 6ms
6ms Image
image/webp 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/fe48cbd4-cfa7-4d2a-8271-695827b127eb/1_th.jpg?crop=755:425,smart&width=755&height=425&format=jpeg&quality=60&fit=crop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b0584baa8764e124251eaf889ffccf8653b3f5742f209d5067622f807cd8ccc1

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 17:39:43 GMT
via: 1.1 varnish, 1.1 varnish
age: 23874
x-cache: HIT, HIT
fastly-io-info: ifsz=77605 idim=2562x1440 ifmt=jpeg ofsz=10228 odim=755x425 ofmt=webp
status: 200
fastly-stats: io=1
content-encoding: gzip
content-length: 10251
x-served-by: cache-dca17778-DCA, cache-hhn4069-HHN
x-timer: S1596217183.405184,VS0,VE0
etag: "jOBjftcRNbjN7114sMJCC1yZ+arIvgpsvrk3HQMsoAU"
vary: Accept
x-amz-request-id: E5D80F201B4705CA
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
content-type: image/webp
x-cache-hits: 1, 3

GET
H2 200 pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/ 43 B
253 B 8ms
7ms Image
image/gif 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1106&tet=1175&fi=1&apd=1314&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=4822186048&L2id=2708662048&L3id=5400724061&L4id=138315302645&S1id=3735912&S2id=247866432&ord=1596217181685&r=867960484200&t=iv&bedc=1&q=5&nu=1&ib=1&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:43 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: Apache
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 31 Jul 2020 17:39:43 GMT

GET
H2 200 /
insight.adsrvr.org/enduser/video/ Frame F3BA 0
100 B 32ms
31ms Image
text/plain 52.30.152.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/enduser/video/?ve=start&imp=78c79446-d76a-4753-a572-04436ab4267c&ag=3l900fy&crid=ob4fitpf&cf=1560624&fq=0&td_s=www.reuters.com&rcats=jba&mcat=&mste=&mfld=3&mssi=None&mfsi=5khgj5tqwf&sv=rubicon&uhow=139&agsa=&wp=0A055264465133F4&rgco=Germany&rgre=&rgme=&rgci=&rgz=&dt=PC&osf=OSX&os=Other&br=Chrome&svpid=19564&rlangs=en&mlang=&did=&rcxt=Other&tmpc=&vrtd=&osi=&osv=&daid=&dnr=0&vpb=PreRoll&c=MAQ4AkgAUAE.&dur=CjsKImNoYXJnZS1hbGxJbnRlZ3JhbFZpZGVvQnJhbmRTYWZldHkiFQjm__________8BEghpbnRlZ3JhbApCCiljaGFyZ2UtYWxsSW50ZWdyYWxWaWRlb1N1c3BpY2lvdXNBY3Rpdml0eSIVCOX__________wESCGludGVncmFs&crrelr=&npt=&svscid=xapi%3A227242%3AM-3X8aJOI6Fg&mk=Apple&mdl=Chrome%20-%20OS%20X&ipl=1120088&fpa=932&pcm=3&ict=Unknown&said=d098208192938ebdbe9c87757656b045bbc8f77a&auct=1&grdc=CAE.&sfe=115bd75e&vp=0&ast=[ASSETURI]&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.152.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-152-201.eu-west-1.compute.amazonaws.com
Software: / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 31 Jul 2020 17:39:43 GMT
cache-control: private
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET

GET
H/1.1 200
OK 70bbe1a9-84b6-40ec-87d3-5c4a42428435
beacon-nf.rubiconproject.com/beacon/v/ Frame F3BA 43 B
268 B 8ms
8ms Image
image/webp 69.173.144.158
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-nf.rubiconproject.com/beacon/v/70bbe1a9-84b6-40ec-87d3-5c4a42428435?oo=0&accountId=19564&siteId=227242&zoneId=1120088&sizeId=201&e=1B229574577EF1A8D1CAC868DFDC9D7899C98A41782C058507348C30BEB2DE371BC17DDC523584886E433112A311BC786C884174E37A592FF143CBA9DB8EE1437AD983859DFDB27BA5DA1292B1F19E85626FFCF3313C019DDEAD90A3B2D60B9AAB425D54636EEF9CC3B047D646128CD523B6B8E2B9ECFCE16B6D5B9B2F049D05EF9A3D1C1DD19F803620B9BF95C45590D9C3F361B780E95A35C928E27FCE2C0A7EA0337ABC5A25EB182E990671059A9B87FE7340015C0C6D0C7CA7D5DFC634462F5C982A237296540BA516F470CDEE5ABD9411EA6972886EE2F89768D1603D12950201BEDF901479B80A1B0AD32928EC&
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.158 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:42 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame BAAE 35 B
469 B 19ms
19ms Other
image/gif 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=-823847106755900726@@37789883,5147931836077384907,100|1090|0|0|0|0|0|0|0||138|0|||||1|0|0|F8w6uo29S_88eYj1FOIZQ_TXf_OtvP8vE8JMHOIIK0Z66cy3mBi23iMW04-SdyY8_xQboQRki9Q1||1|11|0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:43 GMT
server: nginx
status: 200
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame BAAE 35 B
469 B 19ms
18ms Other
image/gif 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=-823847106755900726@@37789883,5147931836077384907,100|4289|0|0|0|0|0|0|0||542|0|||||1|0|0|F8w6uo29S_88eYj1FOIZQ_TXf_OtvP8vE8JMHOIIK0Z66cy3mBi23iMW04-SdyY8_xQboQRki9Q1||1|01|0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 31 Jul 2020 17:39:46 GMT
server: nginx
status: 200
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.reuters.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
12ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49kN8,pingTime:5,time:5140,type:p,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5140,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5032~100],as:[5032~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:15,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:46 GMT
X-Server-Name: dt81ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 13ms
13ms Image
image/gif 104.244.39.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10764&asId=26b9a7a7-a417-ba84-4439-2dfb2449fa01&tv={c:k49kN9,pingTime:5,time:5141,type:pf,clog:[{piv:100,vs:i,r:,w:970,h:250,t:115}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5141,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:115,wc:0.0.1600.1200,ac:315.92.970.250,am:i,cc:315.92.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5033~100],as:[5033~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:15,fm:s6leCGS+11|12|13|14|15|16|17|18|19|1a|1b*.10764|1b1|1b2|1c1|1c2|1c3|1d|1e,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.39.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: amidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 31 Jul 2020 17:39:46 GMT
X-Server-Name: dt86ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js

Verdicts & Comments Add Verdict or Comment

198 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reuters.com/	1970-01-19 13:33:13	Name: _fbp Value: fb.1.1596217180498.2024844871
.reuters.com/	1970-01-19 11:23:37	Name: _gat Value: 1
.reuters.com/	1970-01-19 20:09:13	Name: ajs_anonymous_id Value: %22f567d06f-4b4d-435d-8d81-84fb25ce6b33%22

19 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: Init Bootstrap with config [object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 7) Message: BODY ITEMS [object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: ###### ias setup complete
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: [object Object]
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 7) Message: bootstrap getResults: [object Object]
console-api	log	(Line 1) Message: Blocking Ads: No
console-api	log	(Line 1) Message: comscore new global fired
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: Setup media.net with GDPR consent declined
console-api	log	URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 15) Message: videoAd id 4729 el [object HTMLDivElement] data [object Object]
console-api	log	URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 15) Message: IO Script Loaded
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: GPT SET ADMANTX: AccentureAPAC_Negative,Artificial_Intelligence,Barclays,Barclays_2,Boeing_Neg,BofA_Neg,BofA_Neg_Topics,CME_Negative,Cognizant_Coronavirus_3,DIT_Negative_kw1,DWA-Cisco-Coronavirus,Exxon_Negative,FRB,GoldmanSachs,IBM,JPMorgan_Neg,JuliusBaer2020_FinancialPlanning-2,MSFT_Neg,MarcusUSDeposits_1,Mobkoi_FB_Negative,Negative_Keywords_3.2,SaudiAramco_Negative,TradeWeb_AiEx,WorkdayPG_Neg
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: GPT SET FOR NON-PERSONALIZED ADS
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: GPT SET FOR RESTRICTED DATA PROCESSING
console-api	log	URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14) Message: GPT ENABLE SERVICES
console-api	log	(Line 2) Message: segment identify user with traits: [object Object]
console-api	log	URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 15) Message: Don't know what it is
console-api	info	URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 421) Message: Powered by AMP ⚡ HTML – Version 2007210634000 https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
console-api	info	URL: https://cdn.ampproject.org/rtv/012007210634000/amp4ads-v0.js(Line 421) Message: Powered by AMP ⚡ HTML – Version 2007210634000 https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.4.114.js(Line 32) Message: a: 0.002197265625ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
api.segment.io
balancer.sitebarad.com
beacon-nf.rubiconproject.com
beacon-us-iad2.rubiconproject.com
beacon.s-onetag.com
beacon.tru.am
c.evidon.com
c9aba862264c892257260ec23d030375.safeframe.googlesyndication.com
capi.connatix.com
cd.connatix.com
cdn.adsafeprotected.com
cdn.ampproject.org
cdn.segment.com
cdn.tinypass.com
cdneu-xch.media.net
cdnjs.cloudflare.com
cds.connatix.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
contextual.media.net
dfp-gateway.s-onetag.com
dt.adsafeprotected.com
evidon.mgr.consensu.org
experience.tinypass.com
fonts.googleapis.com
fonts.gstatic.com
geo.moatads.com
get.s-onetag.com
googleads.g.doubleclick.net
gwiqcdn.globalwebindex.net
i.w55c.net
iabmap.evidon.com
img.connatix.com
insight.adsrvr.org
l.betrad.com
mab.chartbeat.com
pagead2.googlesyndication.com
ping.chartbeat.net
pipe03.sitebarad.com
pixel.adsafeprotected.com
pixel.rubiconproject.com
queso-cdn.prod.reuters.tv
reut.rs
reutersdfpcw319687550988.s.moatpixel.com
rover.ebay.com
rtd-tm.everesttech.net
rtd.tubemogul.com
s.mnet-ad.net
s.ytimg.com
s0.2mdn.net
s1.adform.net
s3.reutersmedia.net
s4.reutersmedia.net
sb.scorecardresearch.com
secure.insightexpressai.com
secureir.ebaystatic.com
securepubads.g.doubleclick.net
sope.prod.reuters.tv
static.adsafeprotected.com
static.chartbeat.com
static.reuters.com
stats.g.doubleclick.net
sync.mathtag.com
sync.tidaltv.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
tru.am
usasync01.admantx.com
use-tor.adsrvr.org
v.adsrvr.org
vendorlist.consensu.org
vid.connatix.com
www.dianomi.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.reuters.com
www.youtube.com
z.moatads.com
code.jquery.com
104.18.22.230
104.18.23.230
104.244.39.20
13.35.254.19
13.35.254.2
13.35.254.59
13.35.255.55
143.204.201.10
143.204.201.119
143.204.201.40
143.204.201.68
151.101.114.137
151.101.114.49
151.101.14.49
172.217.23.162
18.158.113.188
18.191.59.223
185.29.135.181
2.18.234.107
209.15.45.172
216.58.212.162
23.210.250.213
23.210.250.97
23.37.53.17
23.62.140.165
23.66.28.46
2406:da00:ff00::36e1:c929
2600:1f18:624f:b001:d0e0:37be:96ba:aebb
2600:9000:2057:1600:18:1fcd:34e:d2a1
2600:9000:2057:7200:5:9a4c:9b00:93a1
2600:9000:2057:a800:18:1fcd:34e:d2a1
2600:9000:2057:be00:10:27b4:f500:93a1
2600:9000:2057:da00:1:af78:4c0:93a1
2600:9000:214f:8400:1e:ef1b:aa40:93a1
2600:9000:21f3:f400:8:48e:53c0:93a1
2606:4700:20::681a:274
2606:4700:20::681a:374
2606:4700::6810:85e5
2606:4700::6811:b7b1
2606:4700::6811:b9b1
2a00:1450:4001:801::2003
2a00:1450:4001:801::2004
2a00:1450:4001:801::2006
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:814::2001
2a00:1450:4001:814::200e
2a00:1450:4001:816::200e
2a00:1450:4001:818::200e
2a00:1450:4001:819::2001
2a00:1450:4001:81e::2001
2a00:1450:4001:81e::200a
2a00:1450:4001:824::2003
2a00:1450:400c:c06::9b
2a02:26f0:6c00:298::1ec4
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::714
3.229.146.249
34.193.24.72
34.240.178.152
35.164.248.150
35.201.93.216
37.157.2.249
37.157.5.142
46.231.207.181
52.215.228.190
52.30.152.201
52.51.244.26
54.84.196.220
64.4.253.237
66.81.204.228
67.199.248.13
69.173.144.138
69.173.144.158
8.43.72.44
80.74.154.241
99.86.0.85
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
02ca2c5aeda3fb45325a6285b93849878382c7d4c6e957e7180e8a3b3d67aedd
0301abe27c75fe3b60eff31ce1d31238c9b84d4f36c037bacf0a8656b6a6fb45
0312527b22556033b32304fb26837927f03b0bf4f8c96f7169e4db49fcb0fce2
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0541539bf2c978c0ddec342e71cdeeb6c741a149356dcf13a01ae4217d28e46b
07e078c5e59f50540a75c50a19fd9f20e5442ce8e4d963010d7a32f89c2fabd9
08403f71ba79ddfc050c707a58a0b0f81e42dd8352249f0525eb74039df12080
0847fb2a4b12a2cfd5b8775ebf0a1ca59c1d8c34894ee2f3f26e827969f39567
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
092cb38034e7ba42e8fd1f025a262c74010ee844fc181a13c61ac41787a68756
09367caa70514803713fced8ee4ac247e1fbefe5fb13502fb24f20b46804d826
09c52e5ea3fdb1ac6d74bf9c68a5411ae21355fb33afd30b8b37c434c3338e2a
0cffe77f7520fe2aa8b9676b1a05bab42b5e755e083a941168f52a9771e29a96
0d445873a2c993e05b6f3566da0b249eb88f249449cf877f2137a10130dd9c56
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f8f1f84e96e20a05a88c26d795dbeefe2329e6532727849e70759378c5507f4
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
15b35c3833a358a2d4da3777fc699f98434d8ad633f05f18b0189ff9425d6ec6
1fb1163d28187416e25e2045924072c9b884118c56dcfc91188e032e5b506669
21a22ffbb31ae72c9efc1970ad750dc83454831721ca163bc6cda04dae21a7d7
22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8
25a35c5c6242feab4357be95cac4c82b0539d77838352294a35c9f125dcd94a4
272cd4d0dee4106eced14bb1d9cd89bf655fd0bbc39d6bcaece6b1da3bafbc0d
2a56fc6ef6491849e078f58ce14abc8ca377371f370bdf73943c9bf8ccdadbe1
2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff
2e3325db456620e768bfa6a930c1015b6fd4e8b967cbb88d07867883c9e5fa6d
2e974f2b1cce6233e901eafb1aeff26b4c1eeae40da2076504561fd34925b61d
31f14d476f00f561b40eaa467c71aeeb5fcdebd2b9f09128ae16b3f536b333b8
32c832ea0e82afa8eb7fc6fb1119ee315964d640d08aec4688eab269f6f94370
33a31901a144a24e7f7153b2ec965007bb58abea0129ec9e7691d468f959569b
360a25e0b7ac5376a0c319d1eac76df31ffcce5b82faa2f3a0b3ef70f370d151
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
362f337b32736a78d6c980429023bd714828c00f866a6bbc3f448e708e1f33af
38f82a586c4984fdc89697da37dac16d17ed9c1d619510ed32991778b3e21b26
3c0d27b79bfe51d6abbc99eb79bd7731804fa80823d85bce422ee364185c6126
3c514d4fb8244af230a89d2203522c6a67a55a3f161cfd4fca9f53301c0588ff
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
45610b21279531a97f9566b0f0f8a1d287a45ae4bc6bc545971af5cd7e393cc6
476773611cfd8347aa976f40a792dc590a21d9035bee72917202c95cc95401cd
482d82a54d9618d1038baffb214f05b2257d25fae39a68365f97fb1257f9f54a
4a4a6267d34a92d80c12f9bca35df89df88864d07d3894737d5042f1361ab81f
4d463d1b11f7b6328209e348fc882b7d8103740a885e7d0618829be9ed251119
4dfb7c925e9a341c587ecc6af346f2cf875c63da4609858353eed31324e7ac48
5153251b2f264cfb98970a4928ad4a7952267cfba192e68430bb73451a7f4dbe
52b219b3abc5ab92cca6ae15872231f3f6b5126ec25ffc0bd4c4acaaede95276
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a8dc156b9152583959fa2ab53e1a41a7f6c22677b6e976a979d3bb8d14ca6d3
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61b20b9c46adb5b1dc3fb3060c81a114ee4def1548976413bbac3645e9cd009c
61c1143652fb713573bdb6c9482b2c7e0ef207b4d4ed8d2a38f8a7a711db2cf6
61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110
62b07f5b473f87a3ebe9738f063584774f835dcf8b0c423cab5f8515c93553f5
6346ee09058d555984eb04aac881775c926b5d9d4f73ca91493f7cb708ed90df
66f14ced94dbd60cb3c1f8fc74f67f01d05b4cbeee93c877a2e86ad31847eb44
67238e3d12ebbeeea890e4e9a67611b31bb21d2a0d22e7179876ffb06a6a8719
698a0d14189cdfa590d112b056e978324c551080f63a9e0b340b6f1b204af296
6aa7c3edbc1ee1fe66d4db0fea18aa2d0bbe0dfae05d228c9ffeeaeacb6f1c53
6d2fe32d253b1c23c584887a2d05bba8d56ad3b233081d190be436c70209ead2
6f23d93c9b8e3ca26f6fcc6be6a8d087e43a3f5795daa3c61017071642f66f3c
7283999b473e6aa50dd8d5db5d65a37a56bd758ac1df316885cfea112c363062
7464555aae6d8d87b77f7170fba1698ff64f7454ded58627ca1819246e9a9969
74d8e9fac4f23dd1a95e7a68dbde7482eb07bac44d2dc26a29f75f4b82ae86cc
78d7768fb1213eced669894455aac7c1bfb17452b25ef69859ab7617cb85856f
796183d0a0b953aabb88c97078232fc5896ea6d45cf1d8501114ad12d9927f6d
7962dce1427363ac8964c27e8a221d2b6f320fa55f7e32df3508b288d99ff915
7c30c656a67a3c902072c7c839344fbe793788edbbaebb4f7a59b4c3c6750897
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
814dbee21d8f470fd6b8dff0590988178cefdac9b8ac822e3113c6026329e4dd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84550346b04d7d987275e2519d8bcbcc6c7ace7518154a15bcaaefe8c875d42f
846c2798cd350c5a6d3757b68e2e5bd8b4c8d6ab1f0abaa39ef6f2caf5af87f5
86f3693160258a17e0ab591806486d18efe63c5d97e2a7ada6ec702d651fbec0
8801c7da15b8585778c8c5246a2aad4d61ad5cc24a0036c0217a7b3159e3276a
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
90b1e886dcd3abe3c4222be615f3426df09091e1e49adfcc59b392f441ee67c0
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
96c55d1a0e501bee6c3b9b91eaccdfb7ed17698f20a219d662c837b595a6824f
9759a41dfd0a9034edbb651001dbf2d7e550adc04c4a50e21721fe35de5aaf7d
9882efec6c0157e8975f801fe48665942333635c9c2b9b3608345e1aa58827b3
9907c69c720960431e4ba9ebe031e010ca948dee8a328fe4c1e49d1fef1dfbc6
99781410070a5dd4d753fdb8a46f4272082b5be64541dcfcb1b2d3c4aea09c6c
9b133863146a5f391e8cee0842cafc7498ae89b6f79edbecfc842055342c1fe2
9c596b9c20eabbb206a5b5cf1c3d33ac8e1a4cb7c2992c53fd158483c40eed09
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d08f227832ef84abf52f7188704d3c1c73da9eb4d77654ad766810b8838eb96
9f9104dee58871cdb561e4f139fcf095a2fc1fcb0a7778a964975e6b12059c6a
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
aba71be114d19a922fbb29c807df251f16dc31f8ba83f40a14abca672c258bbb
ace51a72013536c8eaf6085895fa699f5d4a29a6a32587e39d709be1d5e28b2c
ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96
adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9
ae0a54c57bc625c5af8742f7655f75bc94b148ed3cc638507dff2176f2c8dce8
b0584baa8764e124251eaf889ffccf8653b3f5742f209d5067622f807cd8ccc1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b530d2f33467c65e254999ed904332bc40a5aa25c750229790295f6742938b6f
b5771462426214dd38f38352be4e5018e2d479df771d17d87723969efab65a49
b8da6b87651dc4bcd2696386149976e6e280dd7abc98444f140c567e88ce726b
ba607af2c8d414ab6d4bac90c526d90a939cb0adf507b6ba063265347479159d
bb56e9cb6a9934d4d3c871e6aa711d2168e0c74c02cc3388539fe50e57091dca
bd1dc64fac45e75fffefbd76f176c6ea118ab79b88b3efddc5642d4e7c76d4fe
bde6c9444ff7f92f2091cef4abe4f2f05ec0abfdb2dd54b532ac30f3e0d1bd5b
be32ab8a5fce6e41450bf1c29755452cea77040f40b2e9a7da91cc9f7450f5f8
bf3669795bba5ee81c6defbeb24c48986d4693233ce0964138e897363527c3af
bf6f96985d9f9ab3332721601ff06191bfb8630e60fcf414cdde0cdf4e5eb811
c118b64bbb3ed166f68f2f5c02469cd1373f6abff79ab495b1f33726a972f53d
c1acfa727754dab58bedc79995a642e235c6fde6449824c4fba4318fc060c91c
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
c8567ea9f657a5f2ea1633ec26b13de309f60f0921a278db2a9be91d2e48984e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf2306b9feb8c0a2d21afe0d307b1066d3ee5eced9f7f1c23bf84811d8c8ad75
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfd0da29a6d34ea44fb0035a3a1b409a4a66c091fb0f143ea2f73a643c3f8cef
d0cbfb1ab0f94123834567e32df7ec74a1c210793f797368d41a4b4c2732d4a0
d27b59be0fa35fd199035fb3d095a553cf11e6c7b44d583b2942650fc3da5977
d2d37437a109f838b21f4412430585ee6f73d5a89bb038bfa6f98c3949765679
d4fa79afcf5a5cc5a0f12dedaf825f11530e6397d723fe7044cd37ba3c248e57
d5f23f2b89e3c842dbd272809a6238637ec29e75c419a8f36a942186117ce228
d640ed39630d91dec61dcb107b977293ec29fecbb5e74467e017d872bf76b0db
d7d62426c6b87d35cef5c2c873355aa44edffcf4a7f927f1c51b10694ea4f6ed
d7e294f96184435922e6827a7d1d9ffe3fde9ffde3dca304488ba7b092d87d76
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea7252bfcece3427bc7fc792757e789d164cadcd80ce08d318dfe67b09a33b17
ead1f5d7326f198363f926cfd3ee7a492913e33aa439566801ea3b1d3af50519
edf6ab3553d76573e5d5939c0c4a3ada737c98ee962379b25cbf23c96f17d732
ee0768f9d2def8b13df284410776f5d755109e77b5c0ca17d8895f65b343a0cd
ee956c1f271f819eaeed42fafe8589d5124138757fb8ae7cd7f99352700261a8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9bed8b77ddadf9dd0ba854bd22bc480ba1bbf2c01308183065f4ab729e30a5
f01d25f7a76e0682a7a43230c32bef653eaf28b8a6f7a683ebb88bf8c6aa4f50
f1c91bcbd2f759449d7df5fb84422d1f4e3ead74e43f9d34efb4ec8569f14510
f243b2baeee81a3d0035c388f7e682d3a3b05dbc634e0ef0f2fb95f15a816a2b
f2a4b8eca1da948f9dc47eb9a7eddb441d0c926be47d6dd055bfd43f281c7ed2
f37beed085d2cfdd1386a8942434d8011aa20f2e7afa20d7edfd0d49998da1e7
f46352b7163b3636d127be739e4adca5bba29cb87247098ec04bde2dc5575702
f630c6ea4e44c35a93c0ee2950e68857311d9500d6025abe4a5db3ecaf270e3c
faf40c6481d024246ae76970ee7b8346a54da9a19f5ad61f2384bcd13b09f3a9
fb199303a3c6c4ec7d96d3135a9798cf63f52e829aba12d2ae8c30f01425281a
fce12d2ea048b2cf5d460797b17cd4d3c277ba2a2f9eab31fcbe3a873495e4c3
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
fd6321a73fa53c24f5ac39432a3eaf12305d410b415349e19278548b8a4deb75

www.reuters.com Open in urlscan Pro 143.204.201.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

234 Requests

100 %HTTPS

41 %IPv6

53 Domains

86 Subdomains

69 IPs

10 Countries

4615 kBTransfer

45016 kBSize

3 Cookies

25 Outgoing links

Page URL History

Redirected requests

234 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reuters.com Open in urlscan Pro
143.204.201.68 Public Scan

Screenshot
Live screenshot

Full Image

234
Requests

100 %
HTTPS

41 %
IPv6

53
Domains

86
Subdomains

69
IPs

10
Countries

4615 kB
Transfer

45016 kB
Size

3
Cookies

234 HTTP transactions
12 data transactions