Submitted URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-crimi...
Effective URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-crimi...
Submission: On August 12 via api from US

Summary

This website contacted 54 IPs in 8 countries across 37 domains to perform 177 HTTP transactions. The main IP is 13.226.155.8, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.reuters.com.
TLS certificate: Issued by Amazon on March 4th 2020. Valid for: a year.
This is the only time www.reuters.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
27 | adsafeprotected.com | cdn.adsafeprotected.com, pixel.adsafeprotected.com, static.adsafeprotected.com, dt.adsafeprotected.com | 193 KB
17 | dianomi.com | www.dianomi.com | 24 KB
15 | reuters.com | www.reuters.com, static.reuters.com | 705 KB
12 | googlesyndication.com | 8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com, tpc.googlesyndication.com, pagead2.googlesyndication.com | 94 KB
11 | connatix.com | cd.connatix.com, cds.connatix.com, capi.connatix.com, vid.connatix.com, img.connatix.com | 233 KB
8 | moatpixel.com | reutersdfpcw319687550988.s.moatpixel.com | 2 KB
8 | evidon.com | c.evidon.com, iabmap.evidon.com | 42 KB
7 | s-onetag.com | get.s-onetag.com, beacon.s-onetag.com, dfp-gateway.s-onetag.com, onetag-geo.s-onetag.com, onetag-geo-grouping.s-onetag.com | 23 KB
7 | doubleclick.net | securepubads.g.doubleclick.net, stats.g.doubleclick.net | 115 KB
7 | media.net | contextual.media.net, cdneu-xch.media.net | 209 KB
6 | google-analytics.com | www.google-analytics.com | 78 KB
5 | reutersmedia.net | s3.reutersmedia.net, s4.reutersmedia.net | 87 KB
4 | moatads.com | z.moatads.com, geo.moatads.com | 207 KB
4 | videodelivery.net | embed.videodelivery.net | 233 KB
4 | googletagservices.com | www.googletagservices.com | 100 KB
3 | scorecardresearch.com | sb.scorecardresearch.com | 2 KB
3 | betrad.com | l.betrad.com | 360 B
3 | tinypass.com | experience.tinypass.com, cdn.tinypass.com | 124 KB
3 | tru.am | tru.am, beacon.tru.am | 13 KB
3 | chartbeat.com | static.chartbeat.com, mab.chartbeat.com | 32 KB
2 | facebook.com | www.facebook.com | 229 B
2 | segment.io | api.segment.io | 282 B
2 | google.com | adservice.google.com, www.google.com | 340 B
2 | google.de | adservice.google.de, www.google.de | 274 B
2 | consensu.org | vendorlist.consensu.org, evidon.mgr.consensu.org | 19 KB
2 | facebook.net | connect.facebook.net | 166 KB
2 | reuters.tv | queso-cdn.prod.reuters.tv, sope.prod.reuters.tv | 26 KB
1 | chartbeat.net | ping.chartbeat.net | 168 B
1 | mnet-ad.net | s.mnet-ad.net | 356 B
1 | globalwebindex.net | gwiqcdn.globalwebindex.net | 6 KB
1 | cloudflare.com | cdnjs.cloudflare.com | 2 KB
1 | ytimg.com | s.ytimg.com | 33 KB
1 | segment.com | cdn.segment.com | 96 KB
1 | admantx.com | usasync01.admantx.com | 663 B
1 | youtube.com | www.youtube.com | 1 KB
1 | googletagmanager.com | www.googletagmanager.com | 91 KB
1 | jquery.com | code.jquery.com | 30 KB
Total: 177 requests, 37 apex domains

Requests | Domain | Redirects | Requested by
17 | www.dianomi.com | | static.reuters.com, www.dianomi.com, www.reuters.com
14 | dt.adsafeprotected.com | |
11 | static.reuters.com | | www.reuters.com
8 | reutersdfpcw319687550988.s.moatpixel.com | |
8 | pixel.adsafeprotected.com | | cdn.adsafeprotected.com, www.reuters.com
7 | c.evidon.com | | static.reuters.com, c.evidon.com
6 | tpc.googlesyndication.com | | securepubads.g.doubleclick.net, tpc.googlesyndication.com
6 | securepubads.g.doubleclick.net | | www.googletagservices.com, securepubads.g.doubleclick.net, www.reuters.com
6 | www.google-analytics.com | | www.googletagmanager.com, www.google-analytics.com, www.reuters.com
5 | capi.connatix.com | | cds.connatix.com
5 | contextual.media.net | | static.reuters.com, contextual.media.net, www.reuters.com
4 | static.adsafeprotected.com | | pixel.adsafeprotected.com, www.reuters.com
4 | embed.videodelivery.net | 1 | embed.videodelivery.net
4 | www.googletagservices.com | | contextual.media.net, securepubads.g.doubleclick.net
4 | s3.reutersmedia.net | | www.reuters.com
4 | www.reuters.com | | static.reuters.com, www.googletagmanager.com, c.evidon.com
3 | pagead2.googlesyndication.com | | securepubads.g.doubleclick.net
3 | cds.connatix.com | | www.reuters.com, cds.connatix.com
3 | 8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com | | securepubads.g.doubleclick.net
3 | sb.scorecardresearch.com | 1 | www.reuters.com
3 | l.betrad.com | | www.reuters.com
2 | onetag-geo-grouping.s-onetag.com | | beacon.s-onetag.com
2 | geo.moatads.com | | z.moatads.com
2 | dfp-gateway.s-onetag.com | | get.s-onetag.com
2 | z.moatads.com | | securepubads.g.doubleclick.net
2 | www.facebook.com | | www.reuters.com, connect.facebook.net
2 | api.segment.io | | cdn.segment.com
2 | cdneu-xch.media.net | | www.reuters.com
2 | connect.facebook.net | | cdn.segment.com, connect.facebook.net
2 | experience.tinypass.com | | www.reuters.com, cdn.tinypass.com
2 | tru.am | | www.googletagmanager.com, tru.am
2 | static.chartbeat.com | | www.reuters.com
1 | onetag-geo.s-onetag.com | | beacon.s-onetag.com
1 | img.connatix.com | |
1 | vid.connatix.com | | cds.connatix.com
1 | beacon.s-onetag.com | | get.s-onetag.com
1 | cd.connatix.com | 1 |
1 | ping.chartbeat.net | |
1 | get.s-onetag.com | | www.googletagmanager.com
1 | www.google.de | | www.reuters.com
1 | www.google.com | 1 |
1 | stats.g.doubleclick.net | 1 |
1 | adservice.google.com | | www.googletagservices.com
1 | adservice.google.de | | www.googletagservices.com
1 | evidon.mgr.consensu.org | | c.evidon.com
1 | s.mnet-ad.net | | www.reuters.com
1 | vendorlist.consensu.org | | c.evidon.com
1 | beacon.tru.am | | tru.am
1 | gwiqcdn.globalwebindex.net | | www.reuters.com
1 | sope.prod.reuters.tv | | static.reuters.com
1 | iabmap.evidon.com | | c.evidon.com
1 | cdnjs.cloudflare.com | | www.dianomi.com
1 | cdn.tinypass.com | | experience.tinypass.com
1 | s.ytimg.com | | www.youtube.com
1 | mab.chartbeat.com | | static.chartbeat.com
1 | cdn.segment.com | | www.reuters.com
1 | cdn.adsafeprotected.com | | static.reuters.com
1 | usasync01.admantx.com | | static.reuters.com
1 | www.youtube.com | | www.reuters.com
1 | s4.reutersmedia.net | | www.reuters.com
1 | www.googletagmanager.com | | www.reuters.com
1 | queso-cdn.prod.reuters.tv | | www.reuters.com
1 | code.jquery.com | | www.reuters.com
Total: 177 requests, 63 subdomains

Subject | Issuer | Validity | Valid
www.reuters.com | Amazon | 2020-03-04 - 2021-04-04 | a year
static.reuters.com | Amazon | 2019-11-25 - 2020-12-25 | a year
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years
*.chartbeat.com | Thawte RSA CA 2018 | 2020-06-01 - 2021-06-02 | a year
*.prod.reuters.tv | Amazon | 2019-12-31 - 2021-01-31 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
*.google.com | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
*.evidon.com | DigiCert Secure Site ECC CA-1 | 2020-04-29 - 2021-07-29 | a year
*.admantx.com | SSL.com RSA SSL subCA | 2019-03-29 - 2021-06-25 | 2 years
*.adsafeprotected.com | COMODO RSA Domain Validation Secure Server CA | 2018-08-20 - 2020-09-17 | 2 years
*.segment.com | DigiCert SHA2 Secure Server CA | 2020-06-12 - 2021-07-27 | a year
dianomi.com | Cloudflare Inc ECC CA-3 | 2020-07-02 - 2021-07-02 | a year
f6.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-06-13 - 2021-04-24 | 10 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-20 - 2021-07-20 | a year
ssl802628.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2020-05-20 - 2020-11-26 | 6 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-07-21 - 2020-10-12 | 3 months
cdnjs.cloudflare.com | DigiCert ECC Secure Server CA | 2020-08-12 - 2022-08-17 | 2 years
l.betrad.com | Go Daddy Secure Certificate Authority - G2 | 2019-04-25 - 2021-06-24 | 2 years
sb.scorecardresearch.com | DigiCert Secure Site ECC CA-1 | 2020-07-17 - 2021-06-02 | a year
*.globalwebindex.net | RapidSSL RSA CA 2018 | 2017-12-13 - 2020-12-19 | 3 years
*.media.net | DigiCert SHA2 Secure Server CA | 2020-02-25 - 2021-05-26 | a year
vendorlist.consensu.org | Amazon | 2020-02-07 - 2021-03-07 | a year
*.mnet-ad.net | Sectigo RSA Domain Validation Secure Server CA | 2020-04-06 - 2021-04-14 | a year
evidon.mgr.consensu.org | Amazon | 2020-07-25 - 2021-08-25 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
*.google.de | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
fw.adsafeprotected.com | Amazon | 2020-03-14 - 2021-04-14 | a year
www.google.de | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months
*.s-onetag.com | Amazon | 2020-03-03 - 2021-04-03 | a year
*.chartbeat.net | Thawte RSA CA 2018 | 2019-12-16 - 2020-12-30 | a year
moatads.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2021-03-17 | a year
*.connatix.com | Go Daddy Secure Certificate Authority - G2 | 2019-09-05 - 2020-10-19 | a year
*.moatads.com | DigiCert SHA2 Secure Server CA | 2019-03-12 - 2021-06-10 | 2 years
static.adsafeprotected.com | Amazon | 2019-11-01 - 2020-12-01 | a year

This page contains 17 frames:

Primary Page: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Frame ID: 8A90A6AA72541CCD3D7CFB1BE25B0D31
Requests: 139 HTTP requests in this frame

Frame: https://www.dianomi.com/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Frame ID: DF3E5FCE3447A2808C9A8CFDE2A5A556
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/recirculation.epl?id=98&cf=545.4.Reuters%20Feed
Frame ID: 6E302AE5E374DF6A225EBEC4C3C708FE
Requests: 1 HTTP requests in this frame

Frame: https://www.dianomi.com/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
Frame ID: ECA95FAD0007C852EBD8DE4F6171932C
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=810&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Frame ID: 3C566D6A6F9C33B783C84333664EF0E8
Requests: 1 HTTP requests in this frame

Frame: https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
Frame ID: 34D68FB54ECC7F4E27B2C7E976F9BDA2
Requests: 8 HTTP requests in this frame

Frame: https://embed.videodelivery.net/embed/iframe.fla9.98f0c7f.html?videoId=be3b786e735303106d9b7250897aa256
Frame ID: 31E755182AC0BB9326E0C14AEDEE56B2
Requests: 1 HTTP requests in this frame

Frame: https://8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 00031B986017D9224BB81BECCCF0B2F0
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsulAzR0mK2ajOT7uxdM25rsUbCmxGXL32xIufIZJqbqbhvABOFSlaVJHrQrkSlNApC2MVzPTfXUcQ94GRc5RKvEpuJwEyCorEv5nT0G7WshfTUo-UjKz6hJlixLiCUKKtypi1Gh6_mScZ944MXpw7dXzyjTq7V6HBIXLfs0qsFKngDRmwZMpxfXN7xOJeRNGix_EDICQrjqh6FJ_45leDG94PEtRXbrhF_kSmwUvMv59vIR-Ld_zRn53E8ftvcQiMDfz2zvZCgOBB4_1k5YEPaPirJTnbf16nEylzhxhnU&sig=Cg0ArKJSzNmNoVCveGe2EAE&adurl=
Frame ID: B6A4A1D1AEABA2724E2C01A738341C7D
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst8jdiahO9_vgrXJdbQNSFU9gqnUULj93SzijcJa01VeNQSGFXs_fq8tvBBXHZ_TNLGOepaEJcUVO6lYuJd2YXyUBi1lXc6LN14Y1WzQ5xQ6Nt0Exk3u7V6K4GsuLef9ML0esd3Bx_89FdwQ6cBpEH0qt5r9WgkEIgTm2MjuAIHPOVcQAk6diyAlbQguUEX5L4M1TgEWwCCCrpLHxeLtV1bXzgvQGH_4ohMH6NRtIPZ0XdRSm_bnMhjjAdW-D0EDj0Kl68Vlak889XlaU57BeXrDpm2WfUfjUMB_aSrTkk&sig=Cg0ArKJSzK4wan9AV2iEEAE&urlfix=1&adurl=
Frame ID: 132B0BF85B6CCCC9D2FD0044FD4A11B4
Requests: 9 HTTP requests in this frame

Frame: https://cds.connatix.com/p/44385/connatix.player.dc.js
Frame ID: 6B32ABBF3C36D8FABE95F8AECB115815
Requests: 7 HTTP requests in this frame

Frame: https://8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: E2718751504461F7569EEDF87821552D
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=10764&campId=728x90&pubId=20067072&chanId=247866432&placementId=5361866584&pubCreative=138314657807&pubOrder=2607453244&cb=907853758&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=
Frame ID: BC3083D26C30B0360310905C1065EAC7
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=426815577&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Frame ID: EE2CBC350434FD4E289A3C3F9C577EB8
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: D66B210DAA6FD3787B722DF76B5D2FB3
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: A7BFACF09964B1947CAD286075723AA6
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: BE40B70BF4F5D4241E8A486942E61EA9
Requests: 1 HTTP requests in this frame

Page Statistics

Requests: 177
HTTPS: 99 %
IPv6: 53 %
Domains: 37
Subdomains: 63
IPs: 54
Countries: 8
Transfer: 3209 kB
Size: 9477 kB
Cookies: 12

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65
  • https://sb.scorecardresearch.com/b?c1=2&c2=6035630&ns__t=1597270408633&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597270408633&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Request Chain 85
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&gjid=1686564113&_gid=1537310197.1597270408&_u=aGDAiEAjR~&z=1884949020 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&_v=j83&z=1884949020 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&_v=j83&z=1884949020&slf_rd=1&random=4180094569
Request Chain 102
  • https://embed.videodelivery.net/embed/r4xu.fla9.latest.js?video=be3b786e735303106d9b7250897aa256 HTTP 301
  • https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
Request Chain 123
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/44385/connatix.player.dc.js

177 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
www.reuters.com/article/us-cyber-cwt-ransom/
227 KB
58 KB
Document
General
Full URL
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.8 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-8.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
3dfeed84abdc50ae9a47f0c1e3366e3cba4ea30ee96e375b52ff7a31c3f9e029

Request headers

:method
GET
:authority
www.reuters.com
:scheme
https
:path
/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-type
text/html;charset=UTF-8
access-control-allow-headers
Access-Control-Allow-Origin,charset
access-control-allow-origin
http://admin.reuters.com
browser-expires
Wed, 12 Aug 2020 22:13:27 GMT
channel-name
RCOMUS_Cyberrisk
content-encoding
gzip
date
Wed, 12 Aug 2020 22:13:27 GMT
expires
Wed, 12 Aug 2020 22:28:27 GMT
last-updateda
Fri, 31 Jul 2020 15:03:18 GMT
server
nginx
vary
Accept-Encoding
x-cache
Miss from cloudfront
via
1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
PR0puQi1zAW-eBHs1SaQCSuS4n8Y9pxvF5_fJwvOW79KW7TRo6PlJA==
article.bundle.css
static.reuters.com/resources_v2/react/CKB-23169-b72/
149 KB
16 KB
Stylesheet
General
Full URL
https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.css
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
faf40c6481d024246ae76970ee7b8346a54da9a19f5ad61f2384bcd13b09f3a9

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 20:57:59 GMT
content-encoding
gzip
age
4713
x-cache
Hit from cloudfront
status
200
content-length
16091
last-modified
Thu, 16 Jul 2020 21:01:56 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control
max-age=7200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
1DtcJi1onQLf5Wzj6f65QjuwMRzn17QOXKFLLmoTP1O6uQFYlsojiw==
expires
Wed, 12 Aug 2020 22:54:54 GMT
common.bundle.css
static.reuters.com/resources_v2/react/CKB-23169-b72/
480 KB
279 KB
Stylesheet
General
Full URL
https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.css
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
0d445873a2c993e05b6f3566da0b249eb88f249449cf877f2137a10130dd9c56

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:25:12 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 21:02:05 GMT
server
nginx
age
2905
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
cache-control
max-age=7200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
vhr4beRA55TaV5TffIg_6MOh3l8-ZMLPaSWyk2e_vrQMPQrhJ7Cb5Q==
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
expires
Wed, 12 Aug 2020 23:25:02 GMT
jquery-3.4.1.min.js
code.jquery.com/
86 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Origin
https://www.reuters.com

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
gzip
last-modified
Wed, 01 May 2019 21:14:27 GMT
server
nginx
status
200
etag
W/"5cca0c33-15851"
vary
Accept-Encoding
x-hw
1597270407.dop206.fr8.t,1597270407.cds225.fr8.hc,1597270407.cds236.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30638
chartbeat_mab.js
static.chartbeat.com/js/
19 KB
8 KB
Script
General
Full URL
https://static.chartbeat.com/js/chartbeat_mab.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6a00:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c1acfa727754dab58bedc79995a642e235c6fde6449824c4fba4318fc060c91c

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:02:33 GMT
content-encoding
gzip
last-modified
Wed, 14 Aug 2019 01:44:12 GMT
server
nginx
age
4254
etag
W/"5d53676c-4a99"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=7200
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
1WYsGgIQYguBrimTga6n-ynrCZINn89_U7o7BH0r9Nm13t8NF1T5_g==
via
1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
expires
Wed, 12 Aug 2020 23:02:33 GMT
embedder.bundle.js
queso-cdn.prod.reuters.tv/new/assets/
50 KB
13 KB
Script
General
Full URL
https://queso-cdn.prod.reuters.tv/new/assets/embedder.bundle.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:e000:1e:ef1b:aa40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b530d2f33467c65e254999ed904332bc40a5aa25c750229790295f6742938b6f

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:12:42 GMT
content-encoding
gzip
x-origin
i-0570fd7e0d298821a.queso.prod.us.reuters.tv
age
45
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Tue, 10 Dec 2019 21:26:03 GMT
server
nginx/1.14.0 (Ubuntu)
etag
W/"5df00d6b-c6f0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
via
1.1 88bc7a9e54e3765a2fd64d3e80cc8217.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
access-control-allow-headers
connection, range, accept-encoding, user-agent, referer, content-type
x-amz-cf-id
Qa3vzTr1A6oNlqaYd1HkC-oRxnmluK3Yky8DSZF-aO5GwT3O0GfmVA==
gtm.js
www.googletagmanager.com/
314 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
48b6a8109cf91c81d1ad2ebd97673c8446f9ca19a11964890e3ce642e8511d44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
93256
x-xss-protection
0
last-modified
Wed, 12 Aug 2020 21:52:18 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 12 Aug 2020 22:13:27 GMT
3aae9fd5da3557fba61d6444cb943643.png
static.reuters.com/resources_v2/react/CKB-23169-b72/
1 KB
2 KB
Image
General
Full URL
https://static.reuters.com/resources_v2/react/CKB-23169-b72/3aae9fd5da3557fba61d6444cb943643.png
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
6346ee09058d555984eb04aac881775c926b5d9d4f73ca91493f7cb708ed90df

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 01:11:25 GMT
content-encoding
gzip
age
76463
x-cache
Hit from cloudfront
status
200
content-length
1539
last-modified
Thu, 16 Jul 2020 21:01:46 GMT
server
nginx
vary
Accept-Encoding
content-type
image/png
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
4m3FxnesFuRr1LcUDmCBpKqyIeDzQ5H5stze4JkyTmBDrwakbk3IRQ==
expires
Thu, 13 Aug 2020 00:59:04 GMT
/
s3.reutersmedia.net/resources/r/
687 B
1 KB
Image
General
Full URL
https://s3.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877045&r=LYNXNPEG6U1D5&w=20
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
b5771462426214dd38f38352be4e5018e2d479df771d17d87723969efab65a49

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
PXHk6IkLtD2pt0PIqdPJZ3WIZqK3k.av
via
1.1 4ba9d3779ca8afc198240a34dffb07c4.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Fri, 31 Jul 2020 15:03:45 GMT
server
nginx
age
51173
etag
"99ad09d534e9cd2cfa262e77d01586b5"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
date
Wed, 12 Aug 2020 08:00:34 GMT
x-amz-cf-pop
DUS51-C1
content-length
687
x-amz-cf-id
WC6LI121qtBR9b0esZ992ZvO-OkyBzwAKCsb-3E-2rVnQrGRrvJ0dQ==
/
s4.reutersmedia.net/resources/r/
42 KB
42 KB
Image
General
Full URL
https://s4.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877047&r=LYNXNPEG6U1D9
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
09c52e5ea3fdb1ac6d74bf9c68a5411ae21355fb33afd30b8b37c434c3338e2a

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 19:05:20 GMT
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Fri, 31 Jul 2020 15:03:45 GMT
server
nginx
age
11287
etag
"d2c4ae5113a50834133f423b9565d7aa"
x-cache
Hit from cloudfront
x-amz-version-id
C0cntzZ8DoRgeITqsscUR_ZjzuW8xrP8
status
200
x-amz-cf-pop
DUS51-C1
content-type
image/jpeg
content-length
43013
x-amz-cf-id
6fY-EyiKyYrXZ9nBwKqanIGcYkkjoM1dN0188D-QW3lSchNt2VFtUQ==
common.bundle.js
static.reuters.com/resources_v2/react/CKB-23169-b72/
755 KB
182 KB
Script
General
Full URL
https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
08403f71ba79ddfc050c707a58a0b0f81e42dd8352249f0525eb74039df12080

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:57:36 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 21:02:06 GMT
server
nginx
age
1472
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=7200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
ocXbgcdnsBz7CR2ttDIjW_bQfbPKoR59NNHj5KWuOSRPliy428ulcw==
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
expires
Wed, 12 Aug 2020 23:48:55 GMT
article.bundle.js
static.reuters.com/resources_v2/react/CKB-23169-b72/
367 KB
53 KB
Script
General
Full URL
https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
96c55d1a0e501bee6c3b9b91eaccdfb7ed17698f20a219d662c837b595a6824f

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:57:36 GMT
content-encoding
gzip
age
1342
x-cache
Hit from cloudfront
status
200
content-length
53901
last-modified
Thu, 16 Jul 2020 21:01:57 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control
max-age=7200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
5z2T5gdK8trZQEqd8AVt3zPEQSjxUFGtVFak07ghG63esTyV2BRbHQ==
expires
Wed, 12 Aug 2020 23:51:04 GMT
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
5986
date
Wed, 12 Aug 2020 20:33:41 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Wed, 12 Aug 2020 22:33:41 GMT
js
www.google-analytics.com/gtm/
74 KB
29 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-TBBXQQ&t=gtm2&cid=646349505.1597270408
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9bc4462981341ede864aa5b80efbbf5b542963ac79db538b2cefc9dba141f125
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29782
x-xss-protection
0
last-modified
Wed, 12 Aug 2020 21:52:18 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 12 Aug 2020 22:13:27 GMT
iframe_api
www.youtube.com/
859 B
1 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
a0d3ad2bd0bb836d67e587c3b497fc7275294125707b05bc38624cf787086dec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status
200
cache-control
no-cache
content-type
application/javascript
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 GMT
truncated
/
49 KB
49 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f01d25f7a76e0682a7a43230c32bef653eaf28b8a6f7a683ebb88bf8c6aa4f50

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.reuters.com

Response headers

Content-Type
application/font-woff
truncated
/
49 KB
49 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7d62426c6b87d35cef5c2c873355aa44edffcf4a7f927f1c51b10694ea4f6ed

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.reuters.com

Response headers

Content-Type
application/font-woff
truncated
/
71 KB
71 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee0768f9d2def8b13df284410776f5d755109e77b5c0ca17d8895f65b343a0cd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.reuters.com

Response headers

Content-Type
application/font-woff
evidon-sitenotice-tag.js
c.evidon.com/sitenotice/
56 KB
15 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
731ebb6e8eb86eb45b6e7269a9374d1ac90533bfca3a81774dfe51f84fee2f92

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
gzip
vary
Accept-Encoding
status
200
content-length
14733
last-modified
Wed, 05 Aug 2020 19:47:31 GMT
server
AkamaiNetStorage
etag
"9ed00dc4b4ef73cfa3427a0b9764a8d0:1596656851.752407"
access-control-max-age
108000
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
cache-control
max-age=86400, private;max-age=86400
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 13 Aug 2020 22:13:27 GMT
country.js
c.evidon.com/geo/
238 B
439 B
Script
General
Full URL
https://c.evidon.com/geo/country.js
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
8c61c037047cb44c60d5919f90fbd5617857bff29d61706585a1340c57b80e82

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
gzip
last-modified
Fri, 13 Mar 2020 22:31:38 GMT
server
AkamaiNetStorage
status
200
etag
"e7e46b25c163e6511e4bf58a3d549424:1584138698.141604"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
access-control-max-age
108000
accept-ranges
bytes
access-control-allow-headers
*
content-length
162
snthemes.js
c.evidon.com/sitenotice/1237/
48 KB
4 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/1237/snthemes.js
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
78d7768fb1213eced669894455aac7c1bfb17452b25ef69859ab7617cb85856f

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
gzip
vary
Accept-Encoding
status
200
content-length
3701
last-modified
Fri, 26 Jun 2020 14:04:50 GMT
server
AkamaiNetStorage
etag
"250e5fd831f93b742b230a49f56ee029:1593180290.533778"
access-control-max-age
108000
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
cache-control
max-age=86400, private;max-age=86400
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 13 Aug 2020 22:13:27 GMT
settings.js
c.evidon.com/sitenotice/1237/reuters/
19 KB
3 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/1237/reuters/settings.js
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7962dce1427363ac8964c27e8a221d2b6f320fa55f7e32df3508b288d99ff915

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:27 GMT
content-encoding
gzip
vary
Accept-Encoding
status
200
content-length
2681
last-modified
Wed, 01 Jul 2020 02:14:34 GMT
server
AkamaiNetStorage
etag
"ab26685e301ed5649625ade2ef42d4cf:1593569674.617377"
access-control-max-age
108000
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
cache-control
max-age=86400, private;max-age=86400
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 13 Aug 2020 22:13:27 GMT
service
usasync01.admantx.com/admantx/
467 B
663 B
XHR
General
Full URL
https://usasync01.admantx.com/admantx/service?request=%7B%22key%22%3A%22234330834c41105ad5ed794fa036e085b40225c44f9228bb9e2692f427917605%22%2C%20%22decorator%22%3A%22template.reuters_ss%22%2C%20%22filter%22%3A%5B%22default%22%5D%2C%20%22method%22%3A%22descriptor%22%2C%20%22mode%22%3A%22async%22%2C%20%22type%22%3A%22URL%22%2C%20%22body%22%3A%22https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W%22%7D
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2406:da00:ff00::36eb:b8ea Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
bb56e9cb6a9934d4d3c871e6aa711d2168e0c74c02cc3388539fe50e57091dca

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 12 Aug 2020 22:13:28 GMT
Server
nginx/1.16.1
Connection
keep-alive
Content-Length
467
Content-Type
text/plain; charset=UTF-8
iasPET.1.js
cdn.adsafeprotected.com/
22 KB
7 KB
Script
General
Full URL
https://cdn.adsafeprotected.com/iasPET.1.js
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-108.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 01:14:04 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 08 Jul 2020 20:34:30 GMT
Server
AmazonS3
Age
75586
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
Cache-Control
max-age=604800
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-C1
X-Amz-Cf-Id
9qEQ38-6gLehSf8UmN5fkOE0ZQqRH-_H_IugVwO9g4V7LDs4DGKA9Q==
analytics.min.js
cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/
456 KB
96 KB
Script
General
Full URL
https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.145.149 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-149.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d2fe32d253b1c23c584887a2d05bba8d56ad3b233081d190be436c70209ead2

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
YOeClGqZQucGhTexskvvImiIs1YTWvjr
content-encoding
gzip
etag
"b571ddcfce959fdfb468fd0182ffb999"
age
159
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-length
98102
access-control-allow-origin
*
last-modified
Fri, 31 Jul 2020 18:21:37 GMT
server
AmazonS3
date
Wed, 12 Aug 2020 22:10:50 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 e7b88cadf742e342f39f17392af35c4f.cloudfront.net (CloudFront)
cache-control
public, max-age=300
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
r4zybcevVVshpkJYkJxToC3IitJ7nxYDkN34I1ZtnqGm5gh_3OcxxA==
contextfeed.js
www.dianomi.com/js/
13 KB
4 KB
Script
General
Full URL
https://www.dianomi.com/js/contextfeed.js?
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dfb7c925e9a341c587ecc6af346f2cf875c63da4609858353eed31324e7ac48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
4995
cf-polished
origSize=16301
status
200
x-xss-protection
1; mode=block
last-modified
Fri, 12 Jun 2020 10:37:13 GMT
server
cloudflare
etag
W/"3fad-5a7e0a8fd0bd3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 13 Aug 2020 02:13:28 GMT
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-request-id
04865553660000049799042200000001
cf-ray
5c1d8b3238910497-CDG
cf-bgj
minify
breakingNews
www.reuters.com/assets/
1 B
399 B
Fetch
General
Full URL
https://www.reuters.com/assets/breakingNews?view=json
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.8 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-8.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
browser-expires
Wed, 12 Aug 2020 22:13:28 GMT
server
nginx
x-amz-cf-pop
DUS51-C1
status
200
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
http://admin.reuters.com
access-control-allow-headers
Access-Control-Allow-Origin,charset
content-length
1
via
1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)
x-amz-cf-id
GmOyA0anpQLrsq4HiW-Phn5lIs40gmkRBzv08PTTEsrtgXe7F_iJ7Q==
expires
Wed, 12 Aug 2020 22:18:28 GMT
/
s3.reutersmedia.net/resources/r/
43 KB
43 KB
Image
General
Full URL
https://s3.reutersmedia.net/resources/r/?m=02&d=20200731&t=2&i=1527877045&r=LYNXNPEG6U1D5&w=1280
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
0541539bf2c978c0ddec342e71cdeeb6c741a149356dcf13a01ae4217d28e46b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
oObRweTrk8_OxeCSFKAdYD7GOFpoZAsA
via
1.1 4ba9d3779ca8afc198240a34dffb07c4.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Mon, 31 Aug 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Fri, 31 Jul 2020 15:03:52 GMT
server
nginx
age
42648
etag
"9820f131d19eb65a082f3c146a2cb7b4"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
date
Wed, 12 Aug 2020 10:22:40 GMT
x-amz-cf-pop
DUS51-C1
content-length
43556
x-amz-cf-id
tGI2z2Li0_AycdL3JazNuh1wyERpnG0PbuiaPzZ1Q8mUrXKAZmULdA==
/
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/
195 B
482 B
XHR
General
Full URL
https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=reuters.com&domain=reuters.com&path=%2Farticle%2Fus-cyber-cwt-ransom-idUSKCN24W25W
Requested by
Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::714 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cfd0da29a6d34ea44fb0035a3a1b409a4a66c091fb0f143ea2f73a643c3f8cef

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
age
643
x-cache
HIT
status
200
x-cache-hits
1
content-length
161
x-served-by
cache-hhn4083-HHN
access-control-allow-origin
*
x-timer
S1597270408.080082,VS0,VE0
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type
application/json
via
1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control
no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges
bytes
expires
Mon, 10 Aug 2020 22:02:45 GMT
reuters.js
tru.am/scripts/custom/
1 KB
1 KB
Script
General
Full URL
https://tru.am/scripts/custom/reuters.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f23d93c9b8e3ca26f6fcc6be6a8d087e43a3f5795daa3c61017071642f66f3c

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
cf-cache-status
HIT
age
2230759
x-guploader-uploadid
AAANsUlK-rhqWIaSronpM69LDK3tSKdIlWTr545LHnYUXX1YBJwnHqKhyvJA1BK1p6ChhuoYauFsuyxDZP87axzJFw
x-goog-storage-class
REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
04865553960000647fc0049200000001
last-modified
Fri, 19 Apr 2019 06:14:57 GMT
server
cloudflare
etag
W/"40b7d4de06dae04ec0d6537ef2f54db8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=e3JHUg==, md5=QLfU3gba4E7A1lN+8vVNuA==
x-goog-generation
1555654497328861
content-type
application/javascript
cache-control
public, max-age=2678400
x-goog-stored-content-length
1056
cf-ray
5c1d8b328e94647f-FRA
expires
Sat, 18 Jul 2020 03:34:09 GMT
load
experience.tinypass.com/xbuilder/experience/
4 KB
1 KB
Script
General
Full URL
https://experience.tinypass.com/xbuilder/experience/load?aid=TIDovF4cqC
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b8b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd1dc64fac45e75fffefbd76f176c6ea118ab79b88b3efddc5642d4e7c76d4fe

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
cf-cache-status
HIT
age
833
p3p
CP="NON DSP COR OUR IND"
status
200
x-forwarded-https
on
cf-request-id
048655538e0000dfdbd5108200000001
x-request-id
Cb31zeqkEsp
wn
prod-exp-10-0-113-165
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=1800
cf-ray
5c1d8b327c02dfdb-FRA
expires
Wed, 12 Aug 2020 22:43:28 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflm7q--B/
90 KB
33 KB
Script
General
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflm7q--B/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a09f19ac3a6fb7a6db7aa92dc9a888e9f6f169b18171d6d958693399af19c99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 23:06:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83242
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33291
x-xss-protection
0
last-modified
Tue, 11 Aug 2020 20:57:58 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Wed, 19 Aug 2020 23:06:06 GMT
context.pl
www.dianomi.com/cgi-bin/
2 KB
503 B
XHR
General
Full URL
https://www.dianomi.com/cgi-bin/context.pl?id=4&h=www.reuters.com
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38f82a586c4984fdc89697da37dac16d17ed9c1d619510ed32991778b3e21b26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/json; charset=ISO-8859-1
access-control-allow-origin
https://www.reuters.com
x-xss-protection
1; mode=block
cache-control
public, max-age=1200
access-control-allow-credentials
true
cf-ray
5c1d8b334a6c0497-CDG
cf-request-id
04865554080000049799049200000001
expires
Wed, 12 Aug 2020 22:14:28 GMT
tinypass.min.js
cdn.tinypass.com/api/
385 KB
121 KB
Script
General
Full URL
https://cdn.tinypass.com/api/tinypass.min.js
Requested by
Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=TIDovF4cqC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b8b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad590c30e8e0ef2b2539b0f1a7e4e4da38a6a7b2a8b3f88048338c22da590253

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
cf-cache-status
HIT
age
177
p3p
CP="NON DSP COR OUR IND"
status
200
x-forwarded-https
on
cf-request-id
04865554060000dfdbd510e200000001
wn
prod-dash-10-0-127-211
last-modified
Tue, 11 Aug 2020 16:55:24 GMT
server
cloudflare
etag
W/"394506-1597164924000"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
server-time
0.000
cache-control
public, max-age=300
cf-ray
5c1d8b333d5fdfdb-FRA
expires
Wed, 12 Aug 2020 22:18:28 GMT
js
www.google-analytics.com/gtm/
74 KB
29 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-KBK7743&cid=646349505.1597270408
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8913beb81d7fcafd7abaa2fa3c5f7db602ee98fd392078ef627cc23e16b03b29
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29818
x-xss-protection
0
last-modified
Wed, 12 Aug 2020 21:52:18 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 12 Aug 2020 22:13:28 GMT
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
952 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:46:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
1624
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:46:24 GMT
ta-pagesocial-sdk.js
tru.am/scripts/
35 KB
12 KB
Script
General
Full URL
https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by
Host: tru.am
URL: https://tru.am/scripts/custom/reuters.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:274 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
cf-cache-status
HIT
age
2230773
x-guploader-uploadid
AAANsUlz9Yip85RfgS4jGavu6PDS8YEyP7WdDck7YcMKysD_x9qSJ9Qiyi4E5v-ygmEAlwDD_aGRLlN8Bnsmjdj3lw
x-goog-storage-class
REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
04865554390000647fc0050200000001
last-modified
Fri, 19 Apr 2019 06:14:55 GMT
server
cloudflare
etag
W/"942d5ae1e512ccdf18813550428dd002"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=O7AZFg==, md5=lC1a4eUSzN8YgTVQQo3QAg==
x-goog-generation
1555654495662585
content-type
application/javascript
cache-control
public, max-age=2678400
x-goog-stored-content-length
35540
cf-ray
5c1d8b338f19647f-FRA
expires
Sat, 18 Jul 2020 03:33:55 GMT
ads.js
www.reuters.com/
112 B
523 B
Script
General
Full URL
https://www.reuters.com/ads.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.8 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-8.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
7464555aae6d8d87b77f7170fba1698ff64f7454ded58627ca1819246e9a9969

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
server
nginx
age
27
status
200
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
http://admin.reuters.com
x-amz-cf-pop
DUS51-C1
access-control-allow-headers
Access-Control-Allow-Origin,charset
content-length
116
via
1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)
x-amz-cf-id
gvwBwm-iGuYL_RI0eKA-MuKbCfs9G5j_OXJSNAZvIbCoJ1YqDxiuyw==
expires
Wed, 12 Aug 2020 22:12:55 GMT
fbevents.js
connect.facebook.net/en_US/
134 KB
34 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34269
x-xss-protection
0
pragma
public
x-fb-debug
xB/VPJb/XbCvE493lLtaD8kbnhM9dhtya+wTBRHDpE5PtmqRA3TUTRbfn5wVozmgBHXUh23Ik+QoLEiy1MQeqg==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 12 Aug 2020 22:13:28 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
dianomi-context.css
www.dianomi.com/partner/dianomi/css/
169 B
272 B
Stylesheet
General
Full URL
https://www.dianomi.com/partner/dianomi/css/dianomi-context.css?v=1.1
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99781410070a5dd4d753fdb8a46f4272082b5be64541dcfcb1b2d3c4aea09c6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
5034
cf-polished
origSize=199
status
200
x-xss-protection
1; mode=block
last-modified
Mon, 21 Jan 2019 12:43:41 GMT
server
cloudflare
etag
W/"c7-57ff735e16ce7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
expires
Thu, 13 Aug 2020 02:13:28 GMT
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-request-id
04865554530000049799050200000001
cf-ray
5c1d8b33bb090497-CDG
cf-bgj
minify
smartads.epl
www.dianomi.com/ Frame DF3E
0
0
Document
General
Full URL
https://www.dianomi.com/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.dianomi.com
:scheme
https
:path
/smartads.epl?id=4728&num_ads=5&shuffle=0&cf=545.4.Reuters%20Feed&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Wed, 12 Aug 2020 22:13:28 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=daa02d8459bf3bfe16a5d708b690128591597270408; expires=Fri, 11-Sep-20 22:13:28 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options
nosniff
x-xss-protection
1; mode=block
access-control-allow-origin
*
access-control-allow-credentials
true
expires
now
pragma
no-cache
cache-control
no-cache,no-store,private
link
</img/a/pss/2649/23.css>;rel=preload;as=style
cf-cache-status
DYNAMIC
cf-request-id
048655545a0000049799052200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5c1d8b33cb180497-CDG
content-encoding
br
cf-h2-pushed
</img/a/pss/2649/23.css>
videofeed-combined.js
www.dianomi.com/js/
22 KB
5 KB
Script
General
Full URL
https://www.dianomi.com/js/videofeed-combined.js?id=123
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ed44c518b79ec0c24d13803371365e67d6ca02829631e0dad366850fd466044
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
4873
cf-polished
origSize=32520
status
200
x-xss-protection
1; mode=block
last-modified
Wed, 12 Aug 2020 12:48:38 GMT
server
cloudflare
etag
W/"7f08-5acad9b4df871"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 13 Aug 2020 02:13:28 GMT
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-request-id
04865554590000049799051200000001
cf-ray
5c1d8b33cb160497-CDG
cf-bgj
minify
recirculation.epl
www.dianomi.com/ Frame 6E30
0
0
Document
General
Full URL
https://www.dianomi.com/recirculation.epl?id=98&cf=545.4.Reuters%20Feed
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.dianomi.com
:scheme
https
:path
/recirculation.epl?id=98&cf=545.4.Reuters%20Feed
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Wed, 12 Aug 2020 22:13:28 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=daa02d8459bf3bfe16a5d708b690128591597270408; expires=Fri, 11-Sep-20 22:13:28 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options
nosniff
x-xss-protection
1; mode=block
access-control-allow-origin
*
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-request-id
048655545d0000049799053200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5c1d8b33cb200497-CDG
content-encoding
br
recirculation.epl
www.dianomi.com/ Frame ECA9
0
0
Document
General
Full URL
https://www.dianomi.com/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.dianomi.com
:scheme
https
:path
/recirculation.epl?id=99&start=6&cf=545.4.Reuters%20Feed
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Wed, 12 Aug 2020 22:13:28 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=daa02d8459bf3bfe16a5d708b690128591597270408; expires=Fri, 11-Sep-20 22:13:28 GMT; path=/; domain=.dianomi.com; HttpOnly; SameSite=Lax
x-content-type-options
nosniff
x-xss-protection
1; mode=block
access-control-allow-origin
*
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-request-id
04865554610000049799056200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5c1d8b33cb2e0497-CDG
content-encoding
br
lazyload.iife.min.js
cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.20.1/
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.20.1/lazyload.iife.min.js
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/contextfeed.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4f6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c514d4fb8244af230a89d2203522c6a67a55a3f161cfd4fca9f53301c0588ff
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
11232339
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
048655545b0000d6cd9fa6a200000001
served-in-seconds
0.003
timing-allow-origin
*
last-modified
Sun, 17 Feb 2019 22:45:51 GMT
server
cloudflare
etag
W/"5c69e41f-14cf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5c1d8b33cc1cd6cd-FRA
expires
Mon, 02 Aug 2021 22:13:28 GMT
dianomi-max-200x38.png
www.dianomi.com/img/
1 KB
1 KB
Image
General
Full URL
https://www.dianomi.com/img/dianomi-max-200x38.png
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70503c92bcbb8105d95ec4de2012f23098c3383586e95323e4b3384b56af4beb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
196809
cf-polished
origFmt=png, origSize=3940
status
200
content-disposition
inline; filename="dianomi-max-200x38.webp"
content-length
1164
x-xss-protection
1; mode=block
last-modified
Wed, 29 Jul 2020 16:53:11 GMT
server
cloudflare
etag
"f64-5ab97641e5c82"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 12 Sep 2020 08:13:28 GMT
cache-control
public, max-age=2628000
access-control-allow-credentials
true
cf-request-id
04865554610000049799054200000001
accept-ranges
bytes
cf-ray
5c1d8b33cb2b0497-CDG
cf-bgj
imgq:85,h2pri
pixeltrack.pl
www.dianomi.com/cgi-bin/
77 B
414 B
Image
General
Full URL
https://www.dianomi.com/cgi-bin/pixeltrack.pl?cf=545.4.Reuters%20Feed
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4fa79afcf5a5cc5a0f12dedaf825f11530e6397d723fe7044cd37ba3c248e57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:28 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
image/gif; charset=ISO-8859-1
access-control-allow-origin
*
x-xss-protection
1; mode=block
access-control-allow-credentials
true
cf-ray
5c1d8b33cb2d0497-CDG
content-length
77
cf-request-id
04865554610000049799055200000001
expires
Tue, 11 Aug 2020 22:13:28 GMT
truncated
/
49 KB
49 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45610b21279531a97f9566b0f0f8a1d287a45ae4bc6bc545971af5cd7e393cc6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.reuters.com

Response headers

Content-Type
application/font-woff
en.js
c.evidon.com/sitenotice/1237/translations/
65 KB
6 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/1237/translations/en.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0301abe27c75fe3b60eff31ce1d31238c9b84d4f36c037bacf0a8656b6a6fb45

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
vary
Accept-Encoding
status
200
content-length
5633
last-modified
Wed, 01 Jul 2020 01:41:52 GMT
server
AkamaiNetStorage
etag
"e21cd11f7f077dfa60a4974f4e56a950:1593567712.14839"
access-control-max-age
108000
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
cache-control
max-age=86400, private;max-age=86400
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 13 Aug 2020 22:13:28 GMT
evidon-barrier.js
c.evidon.com/sitenotice/
14 KB
4 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-barrier.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
33a31901a144a24e7f7153b2ec965007bb58abea0129ec9e7691d468f959569b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
vary
Accept-Encoding
status
200
content-length
4195
last-modified
Wed, 05 Aug 2020 19:47:32 GMT
server
AkamaiNetStorage
etag
"7f2ec5e4f730c536377c12dea517d463:1596656852.545031"
access-control-max-age
108000
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
cache-control
max-age=86400, private;max-age=86400
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 13 Aug 2020 22:13:28 GMT
iabevidonmapping.js
iabmap.evidon.com/
8 KB
3 KB
Script
General
Full URL
https://iabmap.evidon.com/iabevidonmapping.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6c00:10:27b4:f500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
21a22ffbb31ae72c9efc1970ad750dc83454831721ca163bc6cda04dae21a7d7

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 10:53:59 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 19:37:07 GMT
server
AmazonS3
age
40770
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
Esh8T7oP2q-KpBZtZasTFbZvQdWjtNnyzCOQNvXKaH-l_zlhZu8Qmw==
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
evidon-cmp.js
c.evidon.com/sitenotice/
22 KB
7 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-cmp.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.252.228 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-252-228.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
15b35c3833a358a2d4da3777fc699f98434d8ad633f05f18b0189ff9425d6ec6

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
vary
Accept-Encoding
status
200
content-length
6629
last-modified
Wed, 05 Aug 2020 19:47:32 GMT
server
AkamaiNetStorage
etag
"e61a04bf376822e01eb2bff13a2813cd:1596656852.758443"
access-control-max-age
108000
access-control-allow-methods
GET,OPTIONS,POST
content-type
application/x-javascript
access-control-allow-origin
cache-control
max-age=86400, private;max-age=86400
accept-ranges
bytes
access-control-allow-headers
*
expires
Thu, 13 Aug 2020 22:13:28 GMT
2
l.betrad.com/site/v3/1237/5669/5/1/3/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/1237/5669/5/1/3/2?consent=0
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.28.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-28-41.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary
Accept-Encoding
execute
experience.tinypass.com/xbuilder/experience/
2 KB
2 KB
XHR
General
Full URL
https://experience.tinypass.com/xbuilder/experience/execute?aid=TIDovF4cqC
Requested by
Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b8b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddf32eb41417c5dcc73eea1af956b5853af2e5e7e7d44e7bf3349193b539bdad

Request headers

Accept
*/*
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
cf-cache-status
DYNAMIC
p3p
CP="NON DSP COR OUR IND"
status
200
x-forwarded-https
on
cf-request-id
04865555330000dfdbd5117200000001
x-request-id
Cgq1zeqiDMt
pragma
no-cache
wn
prod-exp-10-0-132-178
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.reuters.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
5c1d8b35189adfdb-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/
38 B
38 B
Other
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/webp
312961195854690
connect.facebook.net/signals/config/
525 KB
132 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/312961195854690?v=2.9.23&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
11c956089d2f84d96123f77fe02363e0b95c9a9ab5edc9c3642285d58137f540
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
135383
x-xss-protection
0
pragma
public
x-fb-debug
tqrv4GMsiMcLrJHfZI4wO5ykfyiKnjZEVMA1997O+UCnGcoLXSlsLa6Jf/MpStIT1LHBeDnvDNnM2qYUOTWUWQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 12 Aug 2020 22:13:28 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
article-recirc
sope.prod.reuters.tv/program/rcom/v1/
13 KB
13 KB
Fetch
General
Full URL
https://sope.prod.reuters.tv/program/rcom/v1/article-recirc?edition=us&pageid=USKCN24W25W&modules=rightrail,ribbon,bottom
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:624f:b000:1a0c:44be:c431:52fe Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b57edf9e12c72fcbdd2385fd05b19a276bf8629efd6765ede37a495f651d7904

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
seq
fbf9447f-7262-475b-b1f6-90c7eb2f00b2

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-origin
i-05bcab1ca82367d47.sope.prod.us.reuters.tv
server
nginx/1.14.0 (Ubuntu)
x-amzn-trace-id
Root=1-5f346988-3e387a802b2ed100afe904c0
status
200
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
connection, range, accept-encoding, user-agent, referer, seq
content-length
13431
smartads_video_json.pl
www.dianomi.com/cgi-bin/
1 KB
865 B
XHR
General
Full URL
https://www.dianomi.com/cgi-bin/smartads_video_json.pl?id=4729&cf=545.4.Reuters%20Feed
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc969d3d6198b1e616050dce0f4694e79875626c60f17be92dc3c3d227a2f8fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.reuters.com
x-xss-protection
1; mode=block
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, pre-check=0, post-check=0
access-control-allow-credentials
true
cf-ray
5c1d8b354d760497-CDG
cf-request-id
04865555500000049799077200000001
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 22:13:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
884
Expires
Thu, 13 Aug 2020 22:13:28 GMT
gwiq.js
gwiqcdn.globalwebindex.net/gwiq/
6 KB
6 KB
Script
General
Full URL
https://gwiqcdn.globalwebindex.net/gwiq/gwiq.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.93.216 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
216.93.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6aa7c3edbc1ee1fe66d4db0fea18aa2d0bbe0dfae05d228c9ffeeaeacb6f1c53

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:21:23 GMT
age
3125
x-guploader-uploadid
AAANsUmLaFPT0Lrn34WvaDbUWZbd6BSjRHWiNnj-5ASux_3nCH5lpps9yvpSUq9nl8L-dY2e3j0MPoXd6_YyVqAwOG1_DGxCxw
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
5766
last-modified
Wed, 15 Apr 2020 08:49:27 GMT
server
UploadServer
etag
"aba61abde9777087262fb27526ba1ef6"
x-goog-hash
crc32c=yYfjgA==, md5=q6Yavel3cIcmL7J1Jroe9g==
x-goog-generation
1586940567400828
cache-control
public, max-age=3600
x-goog-stored-content-length
5766
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 12 Aug 2020 22:21:23 GMT
beacon
beacon.tru.am/
0
0
Fetch
General
Full URL
https://beacon.tru.am/beacon
Requested by
Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:374 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
access-control-allow-origin
https://www.reuters.com
cache-control
no-cache, private, max-age=0
cf-ray
5c1d8b358f3e1f35-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
cf-request-id
048655557300001f35b814f200000001
expires
Thu, 01 Jan 1970 00:00:00 UTC
61500
l.betrad.com/site/v3/1237/5669/5/1/3/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/1237/5669/5/1/3/2/61500?consent=0
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.28.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-28-41.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary
Accept-Encoding
bidexchange.js
contextual.media.net/
440 KB
124 KB
Script
General
Full URL
https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1
Requested by
Host: static.reuters.com
URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e74fb7e990ba39b4b4dcc5bdac5c7ba1e987371518e6241aaf388ce7929f2b75
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 12 Aug 2020 22:13:28 GMT
vary
Accept-Encoding
x-mnet-h
E
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=1800
expires
Wed, 12 Aug 2020 22:43:28 GMT
61500
l.betrad.com/site/v3/1237/5669/5/5/3/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/1237/5669/5/5/3/2/61500?consent=0
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.28.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-28-41.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary
Accept-Encoding
vendorlist.json
www.reuters.com/json/api/
89 KB
89 KB
XHR
General
Full URL
https://www.reuters.com/json/api/vendorlist.json
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.8 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-8.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
61c564503fd8c3d2e54685465eaac1999b423c7a7c85fc40f6ac16fc95b44110

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
browser-expires
Wed, 12 Aug 2020 22:13:28 GMT
server
nginx
x-amz-cf-pop
DUS51-C1
status
200
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-allow-headers
Access-Control-Allow-Origin,charset
x-amz-cf-id
g0BRIPhRB919tCbXBHTociNBrA9FKIue_j1Ey5E_L0_z_ErzpJ2T9g==
via
1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)
expires
Wed, 12 Aug 2020 22:14:28 GMT
intersection-observer.js
www.dianomi.com/js/
13 KB
4 KB
Script
General
Full URL
https://www.dianomi.com/js/intersection-observer.js
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8567ea9f657a5f2ea1633ec26b13de309f60f0921a278db2a9be91d2e48984e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
5012
cf-polished
origSize=29813
status
200
x-xss-protection
1; mode=block
last-modified
Thu, 21 May 2020 13:02:02 GMT
server
cloudflare
etag
W/"7475-5a6281e5fc48b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 13 Aug 2020 02:13:28 GMT
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-request-id
048655559c000004979907a200000001
cf-ray
5c1d8b35ce800497-CDG
cf-bgj
minify
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=6035630&ns__t=1597270408633&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20crimina...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597270408633&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20crimin...
0
399 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597270408633&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:28 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=6035630&ns__t=1597270408633&ns_c=UTF-8&cv=3.5&c8=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&c7=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&c9=&cs_ak_ss=1
Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:28 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
vendorlist.json
vendorlist.consensu.org/
99 KB
18 KB
XHR
General
Full URL
https://vendorlist.consensu.org/vendorlist.json
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:e00:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca16dd3adebfcc177d21d8fe9fa1f3f1659479394e1c142b27d96cba5bf85058

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 06 Aug 2020 16:11:52 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
540097
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 06 Aug 2020 16:00:36 GMT
server
AmazonS3
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
iUD8pa64KfvldrKJx93Vo4wA6Cnzn4uC
via
1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
content-type
application/json; charset=utf-8
x-amz-cf-id
oRKjjqnWc4CToMPvSvvop--N7tGWRNynR3Oh8RvZvSpy1cEPT-gL4g==
tc.js
contextual.media.net/
11 KB
7 KB
Script
General
Full URL
https://contextual.media.net/tc.js?&tpkey=TB4M82W&size=300x250&v=19&nat=1&https=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3c0d27b79bfe51d6abbc99eb79bd7731804fa80823d85bce422ee364185c6126
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 12 Aug 2020 22:13:28 GMT
vary
Accept-Encoding
x-mnet-h
E
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=172800
content-length
6573
expires
Fri, 14 Aug 2020 22:13:28 GMT
tc.js
contextual.media.net/
13 KB
8 KB
Script
General
Full URL
https://contextual.media.net/tc.js?&tpkey=T645KQG&size=728x90&v=19&nat=1&https=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d27b59be0fa35fd199035fb3d095a553cf11e6c7b44d583b2942650fc3da5977
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Wed, 12 Aug 2020 22:13:28 GMT
vary
Accept-Encoding
x-mnet-h
E
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=172800
content-length
7712
expires
Fri, 14 Aug 2020 22:13:28 GMT
px.gif
contextual.media.net/
43 B
206 B
Image
General
Full URL
https://contextual.media.net/px.gif?&ch=1&vn=1
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
last-modified
Wed, 19 Jul 2017 10:11:12 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
image/gif
status
200
cache-control
max-age=992559
accept-ranges
bytes
content-length
43
expires
Mon, 24 Aug 2020 09:56:07 GMT
px.gif
s.mnet-ad.net/
43 B
356 B
Image
General
Full URL
https://s.mnet-ad.net/px.gif?&ch=2&vn=1
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.81.204.228 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software
Apache /
Resource Hash
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 22:13:29 GMT
Last-Modified
Wed, 19 Jul 2017 10:11:12 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=1209600
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=105
Content-Length
43
Expires
Wed, 26 Aug 2020 22:13:29 GMT
rtbsspub
cdneu-xch.media.net/AdExchange/
52 KB
53 KB
EventSource
General
Full URL
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.140.165 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-140-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f7d8607e2c1a88b4f3ec600853f3bc64cc29705b5e97ea1fbd579d2eefb8bf9c

Request headers

Accept
text/event-stream
Cache-Control
no-cache
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:28 GMT
status
200
content-type
text/event-stream;charset=UTF-8
access-control-allow-origin
https://www.reuters.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*, *
expires
Wed, 12 Aug 2020 22:13:28 GMT
rtbsspub
cdneu-xch.media.net/AdExchange/
18 KB
18 KB
EventSource
General
Full URL
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.62.140.165 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-62-140-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
eb27c3daa626cc85da47512108ab80060524e0356ce0d7513466d8f3c1b6e151

Request headers

Accept
text/event-stream
Cache-Control
no-cache
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:28 GMT
status
200
content-type
text/event-stream;charset=UTF-8
access-control-allow-origin
https://www.reuters.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*, *
expires
Wed, 12 Aug 2020 22:13:28 GMT
getcookie
evidon.mgr.consensu.org/iab/
169 B
381 B
Script
General
Full URL
https://evidon.mgr.consensu.org/iab/getcookie
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.236.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-236-131.compute-1.amazonaws.com
Software
/
Resource Hash
9b133863146a5f391e8cee0842cafc7498ae89b6f79edbecfc842055342c1fe2

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-amzn-requestid
cfcac29d-d168-4d49-9aae-a2fd9f31b9eb
status
200
content-type
text/javascript
access-control-allow-origin
*
x-amzn-trace-id
Root=1-5f346989-65b948781dcc38a853b24500;Sampled=0
x-amz-apigw-id
RLVtbGvsoAMFf-A=
content-length
169
gpt.js
www.googletagservices.com/tag/js/
55 KB
18 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b13fd23c0effcdc881aa98e5754af4cdefedd4ba4db81a6310850f8635405b82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"600 / 430 of 1000 / last-modified: 1597266776"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
18765
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:13:28 GMT
integrator.js
adservice.google.de/adsid/
109 B
168 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.reuters.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
168 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.reuters.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
pubads_impl_2020080501.js
securepubads.g.doubleclick.net/gpt/
262 KB
92 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
sffe /
Resource Hash
2a7a5100d1b04b40f49ec3661a2ce57d3af5acbd35497cd946e87912a6c9e021
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 05 Aug 2020 08:42:44 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
94052
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:13:28 GMT
pub
pixel.adsafeprotected.com/services/
325 B
557 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_mpu_12936365_USKCN24W25W,ss:%5B300.250,300.600,1.1%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=91ec6d08-8ec1-40f8-c4e0-c637f7cd4d53&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by
Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
916944fb8e292fa140a6e759848c318ba8c1a0cecb5297d486ba63a372806137

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-server-name
app11.ie.303net.net
status
200
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.reuters.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
server
nginx
pub
pixel.adsafeprotected.com/services/
331 B
564 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:canvas_leaderboard_5556107408761597_USKCN24W25W,ss:%5B728.90,970.250,970.90,1100.100,1100.90,1100.250,1.1%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=91ec6d08-8ec1-40f8-c4e0-c637f7cd4d53&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by
Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0d4cd8758e47bca38e411a21e1f62d81499d29214a1d358f24b7c10c49625c68

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-server-name
app09.ie.303net.net
status
200
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.reuters.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
server
nginx
pub
pixel.adsafeprotected.com/services/
56 B
289 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_connatix_3774482_USKCN24W25W,s:1100,420.1100,400.fluid,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=91ec6d08-8ec1-40f8-c4e0-c637f7cd4d53&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by
Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
bf3669795bba5ee81c6defbeb24c48986d4693233ce0964138e897363527c3af

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-server-name
app14.ie.303net.net
status
200
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.reuters.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
server
nginx
pub
pixel.adsafeprotected.com/services/
290 B
523 B
XHR
General
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=10764&slot=%7Bid:dpslot_bizdev_article_rr2_12220172_USKCN24W25W,ss:%5B300.280,300.250%5D,p:/4735792/us.reuters/tentpoles/cyberrisk/article,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=91ec6d08-8ec1-40f8-c4e0-c637f7cd4d53&url=https%253A%252F%252Fwww.reuters.com%252Farticle%252Fus-cyber-cwt-ransom%252Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Requested by
Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4de694ee2c3df7b6af5802e4acb2ebbb9de6daedd7e456fea3003b71336ea456

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-server-name
app25.ie.303net.net
status
200
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.reuters.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
server
nginx
p
api.segment.io/v1/
21 B
141 B
XHR
General
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.112.221.239 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-50-112-221-239.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Wed, 12 Aug 2020 22:13:29 GMT
access-control-allow-origin
https://www.reuters.com
content-length
21
vary
Origin
content-type
application/json
/
www.facebook.com/tr/
44 B
146 B
Image
General
Full URL
https://www.facebook.com/tr/?id=312961195854690&ev=PageView&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&rl=&if=false&ts=1597270409150&sw=1600&sh=1200&v=2.9.23&r=stable&a=seg&ec=0&o=30&fbp=fb.1.1597270409150.1389721253&it=1597270408518&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 12 Aug 2020 22:13:29 GMT
collect
www.google-analytics.com/
35 B
106 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&aip=1&a=1535783757&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dp=%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&ul=en-us&de=UTF-8&dt=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEAjR~&jid=451236038&gjid=1686564113&cid=646349505.1597270408&tid=UA-24152976-22&_gid=1537310197.1597270408&cd2=Cyberrisk&cd11=us-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals&cd4=Article%20-%20News&cd32=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&cd8=0&cd10=Slideshow&cd9=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&cd19=Page%20Load&cd7=Desktop&cd6=U.S.&cd5=Article&cd17=Jack%20Stubbs&cd3=Tentpoles%20-%20Cyberrisk&cd1=Tentpoles&cd13=529&cd18=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&cd38=false&cd40=RCOMUS_Cyberrisk&cd41=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&cd42=USKCN24W25W&cd43=KCN24W25W&cd44=4&cd45=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&z=58845549
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Aug 2020 10:32:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
128434
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&gjid=1686564113&_gid=1537310197.1597270408&_u=aGDAiEAjR~&z=1884949020
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&_v=j83&z=1884949020
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&_v=j83&z=1884949020&slf_rd=1&random=4180094569
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&_v=j83&z=1884949020&slf_rd=1&random=4180094569
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-24152976-22&cid=646349505.1597270408&jid=451236038&_v=j83&z=1884949020&slf_rd=1&random=4180094569
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0b9ae0631dc9cb1d12dd2eb240ef07bb.png
static.reuters.com/resources_v2/react/CKB-23169-b72/
22 KB
9 KB
Image
General
Full URL
https://static.reuters.com/resources_v2/react/CKB-23169-b72/0b9ae0631dc9cb1d12dd2eb240ef07bb.png
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
9f9104dee58871cdb561e4f139fcf095a2fc1fcb0a7778a964975e6b12059c6a

Request headers

Referer
https://static.reuters.com/resources_v2/react/CKB-23169-b72/article.bundle.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 23:43:03 GMT
content-encoding
gzip
age
81026
x-cache
Hit from cloudfront
status
200
content-length
9050
last-modified
Thu, 16 Jul 2020 21:01:42 GMT
server
nginx
vary
Accept-Encoding
content-type
image/png
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
T5_ZHhYGEqx8ffMwjUjEQo4MZ0XnCDZx3wEPbi8dcVJZtlUjf9Uy_Q==
expires
Wed, 12 Aug 2020 23:43:03 GMT
/
static.reuters.com/resources/r/
2 KB
2 KB
Image
General
Full URL
https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529399733&r=LYNXNPEG7B0P3&w=120
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
6f4ae319a9f80c61a3c9734248d8be481ae430185443f3b2747bc1b4f617cc8f

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:31:11 GMT
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Wed, 12 Aug 2020 21:17:15 GMT
server
nginx
age
2538
etag
"7bff502a77ef4d417ccc5b02c79a36d3"
x-cache
Hit from cloudfront
x-amz-version-id
f6xlBLFwfiX4dHtmj4I1UbZZbQl4wdKw
status
200
x-amz-cf-pop
DUS51-C1
content-type
image/jpeg
content-length
1831
x-amz-cf-id
QZ_xEkp7YFwR8RkHLRBDt4bRrVnxFErHgj4eCiTdzsjt6u7K5BtDTw==
/
static.reuters.com/resources/r/
3 KB
4 KB
Image
General
Full URL
https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529329016&r=LYNXNPEG7B0PA&w=120
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
deebd915997d1fc20b8c17b0ac9e57a20b84cb44a54858b18d0ad0ee6ea51f5a

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 10:30:10 GMT
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Wed, 12 Aug 2020 10:20:11 GMT
server
nginx
age
42199
etag
"758ffec099d7a1e63dcb76ef5a815fdd"
x-cache
Hit from cloudfront
x-amz-version-id
3gjoPXEtuzQ0hPztG09uRglvhBw6By_1
status
200
x-amz-cf-pop
DUS51-C1
content-type
image/jpeg
content-length
3453
x-amz-cf-id
vttnNRtJdV0MY-cnreAhTyxjue7KSWaJHAsHB1OcgGC7IByt8P73mQ==
/
static.reuters.com/resources/r/
2 KB
3 KB
Image
General
Full URL
https://static.reuters.com/resources/r/?m=02&d=20200811&t=2&i=1529196472&r=LYNXNPEG7A0N6&w=120
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
62c155232156eb11fcfd2db27dc8304f7c2fd810da25bfa7740ef28b0b156f88

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
msd_zdO3pS8XGXFU0GWNDWAbszZeVy_g
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Fri, 11 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Tue, 11 Aug 2020 12:27:57 GMT
server
nginx
age
34699
etag
"34bdde8058497a81615be5df096f5a05"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
date
Wed, 12 Aug 2020 12:35:11 GMT
x-amz-cf-pop
DUS51-C1
content-length
2177
x-amz-cf-id
b3vfZ2CU6Mms_x9lgKy3H8-3VwcyPoEHTMsWTnOlO_x97Uk-8cYjdQ==
/
static.reuters.com/resources/r/
2 KB
3 KB
Image
General
Full URL
https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529284349&r=LYNXNPEG7B02O&w=120
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
25adad9ca79b728ee179d70f9f9251b37634f92ddc1421d1e4204b1fbad4e303

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 04:05:22 GMT
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Wed, 12 Aug 2020 02:00:18 GMT
server
nginx
age
65287
etag
"f4dcc1a43f8e8e69191d9b322c09df72"
x-cache
Hit from cloudfront
x-amz-version-id
nZUmN3Gxuxf9IGq3cUUGVDwbxfhN0JdW
status
200
x-amz-cf-pop
DUS51-C1
content-type
image/jpeg
content-length
2257
x-amz-cf-id
33gB1Mwu1k65H-Z9nPJfelRWE4kCetwIMEN5U5D07EJGSoT0E2m-yQ==
/
static.reuters.com/resources/r/
3 KB
4 KB
Image
General
Full URL
https://static.reuters.com/resources/r/?m=02&d=20200812&t=2&i=1529400432&r=LYNXNPEG7B1OJ&w=120
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
67032371580ed843d5a9460d87afa85e4c02983a1dc620b38020d311308f4e59

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:40:40 GMT
via
1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Sat, 12 Sep 2020 00:00:00 GMT", rule-id="ExpiraIn30Days"
last-modified
Wed, 12 Aug 2020 21:29:12 GMT
server
nginx
age
1969
etag
"a5e9afa95255b808d9ad6e1f05168034"
x-cache
Hit from cloudfront
x-amz-version-id
Bss26jeXJh963MfHzmHaezzKixPdy1B2
status
200
x-amz-cf-pop
DUS51-C1
content-type
image/jpeg
content-length
3342
x-amz-cf-id
hhkpmc_l1UzU2UIoS7Ka_3CGvNPOiUjbmVdT_7d4MnJCaY-J4oVH-Q==
ads
securepubads.g.doubleclick.net/gampad/
64 KB
23 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1569345106797626&correlator=127913496133486&output=ldjh&impl=fifs&adsid=NT&eid=21066943&vrg=2020080501&rdp=1&us_privacy=1---&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200812&iu_parts=4735792%2Cus.reuters%2Ctentpoles%2Ccyberrisk%2Carticle&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250%7C300x600%7C1x1%2C728x90%7C970x250%7C970x90%7C1100x100%7C1100x90%7C1100x250%7C1x1%2C320x50%7C1100x420%7C1100x400%2C300x280%7C300x250&fluid=0%2C0%2Cheight%2C0&prev_scp=type%3Dmpu%26div_id%3D12936365%26pixel_distance%3D400%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26mnetDNB%3D1%26mnetPageID%3D1%26mnetCV%3D3%26mnetCC%3DFR%26mnetUGD%3D4%7Ctype%3Dleaderboard%26div_id%3D5556107408761597%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26mnetDNB%3D1%26mnetPageID%3D4%26mnetCV%3D3%26mnetCC%3DFR%26mnetUGD%3D4%7Ctype%3Dconnatix%26div_id%3D3774482%26pixel_distance%3D20000%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%7Ctype%3Dbizdev_article_rr2%26div_id%3D12220172%26pixel_distance%3D20000%26articleID%3DUSKCN24W25W%26storychannel%3DRCOMUS_Cyberrisk%253Bcyber-risk-full%253BRCOM-cyberrisk-extended%253Bcyber-security%253BbusinessNews%253Bcompanies-semi%253BeverythingNews%253BUS-The-Wire%253BUSWire_EL%253Bcompanies-swit%26story%3D0%26template%3Darticle%26p_count%3D19%26asset%3Dimage%26mnetDNB%3D1%26mnetPageID%3D5%26mnetCV%3D3%26mnetCC%3DFR%26mnetUGD%3D4&cust_params=bidxc%3D1%26admant%3DAccentureAPAC_Negative%252CArtificial_Intelligence%252CBarclays%252CBarclays_2%252CBoeing_Neg%252CBofA_Neg%252CBofA_Neg_Topics%252CCME_Negative%252CCognizant_Coronavirus_3%252CDIT_Negative_kw1%252CDWA-Cisco-Coronavirus%252CExxon_Negative%252CFRB%252CGoldmanSachs%252CIBM%252CJPMorgan_Neg%252CJuliusBaer2020_FinancialPlanning-2%252CMSFT_Neg%252CMarcusUSDeposits_1%252CMobkoi_FB_Negative%252CNegative_Keywords_3.2%252CSaudiAramco_Negative%252CTradeWeb_AiEx%252CWorkdayPG_Neg%26ntvPlacement%3D1093478&cookie_enabled=1&bc=31&abxe=1&lmt=1597270409&dt=1597270409408&dlt=1597270407531&idt=1557&frm=20&biw=1600&bih=1200&oid=3&adxs=1140%2C-12245933%2C258%2C1140&adys=404%2C-12245933%2C3487%2C3044&adks=4229296714%2C2151472195%2C2240572456%2C783605567&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dssz=67&icsg=44040240&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1%7C0x-1%7C754x420%7C300x-1&msz=300x-1%7C0x-1%7C754x420%7C300x-1&ga_vid=646349505.1597270408&ga_sid=1597270409&ga_hid=1535783757&fws=4%2C132%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
a91de3d1cd8a53804e64f2aea1650469c1a09f3a5ab9bf6362038203a4b0b164
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22518
x-xss-protection
0
google-lineitem-id
-1,5361866584,4806613891,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,138314657807,138288736159,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.reuters.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

chartbeat_video.js
static.chartbeat.com/js/
69 KB
23 KB
Script
General
Full URL
https://static.chartbeat.com/js/chartbeat_video.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6a00:18:1fcd:34e:d2a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ba607af2c8d414ab6d4bac90c526d90a939cb0adf507b6ba063265347479159d

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:33:42 GMT
content-encoding
gzip
last-modified
Fri, 24 Apr 2020 00:58:19 GMT
server
nginx
age
2387
etag
W/"5ea239ab-11347"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=7200
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
WW6VTyJdQu1olTMOKLrV5uTFJrxyZ3BuNKYdR2cJt0Q_gwo_BzvO0w==
via
1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
expires
Wed, 12 Aug 2020 23:33:42 GMT
checksync.php
contextual.media.net/ Frame 3C56
0
0
Document
General
Full URL
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=810&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUF1VN4G&dn=www.reuters.com&version=4.1&https=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8CUF1VN4G&prvid=3%2C23%2C28%2C29%2C33%2C38%2C41%2C51%2C54%2C56%2C59%2C69%2C72%2C74%2C76%2C77%2C80%2C82%2C84%2C97%2C106%2C108%2C109%2C113%2C117%2C118%2C122%2C126%2C138%2C139%2C141%2C145%2C147%2C159%2C172%2C173%2C174%2C175%2C178%2C182%2C184%2C188%2C193%2C201%2C203%2C208%2C214%2C222%2C225%2C226%2C3004%2C3007%2C3008%2C3010%2C3012%2C3014%2C3015%2C3017&rtime=810&https=1&gdpr=1&gdprconsent=0&usp_status=0&usp_consent=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
gdpr_status=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status
200
server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Sat, 13 Feb 2021 22:13:29 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=504257
expires
Tue, 18 Aug 2020 18:17:46 GMT
date
Wed, 12 Aug 2020 22:13:29 GMT
content-length
4727
tag.min.js
get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/
42 KB
14 KB
Script
General
Full URL
https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9SLGS
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.37 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-37.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f37beed085d2cfdd1386a8942434d8011aa20f2e7afa20d7edfd0d49998da1e7

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 16:33:02 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
date
Wed, 12 Aug 2020 22:13:30 GMT
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript
status
200
x-amz-cf-id
Tt4GFC1Yr3RLLa4fgFrvUFxt-h6QmSlebgdYQTBSYe9TTJpuPGCC6Q==
via
1.1 dc81a30f5f4fc309ae9445723779b894.cloudfront.net (CloudFront)
/
s3.reutersmedia.net/resources/r/
68 B
458 B
Image
General
Full URL
https://s3.reutersmedia.net/resources/r/?m=02&d=20170626&t=2&i=9391632524&w=300&fh=&fw=&ll=&pl=&sq=&rtn=LYNNXMPEGJ5886&x30y10&r=LIYXPPGG10FT
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
ADFCDN/5.2.3 / AdDefend GmbH
Resource Hash
adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:29 GMT
via
1.1 4ba9d3779ca8afc198240a34dffb07c4.cloudfront.net (CloudFront)
server
ADFCDN/5.2.3
x-amz-cf-pop
DUS51-C1
x-powered-by
AdDefend GmbH
x-cache
Miss from cloudfront
content-type
image/png
status
200
cache-control
max-age=0, max-stale=0, must-revalidate, no-cache, no-store, no-transform, post-check=0, pre-check=0, private
accept-ranges
bytes
content-length
68
x-amz-cf-id
o0Tr2N3LHK25Fk_lT1AEFyRsONqOglhv0n5EI_A2hM4wrW4h9f43IA==
expires
0
i
api.segment.io/v1/
21 B
141 B
XHR
General
Full URL
https://api.segment.io/v1/i
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/IEWBqQ8VWHijTQxb7lEBGFGS9uIJzigZ/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.112.221.239 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-50-112-221-239.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Wed, 12 Aug 2020 22:13:29 GMT
access-control-allow-origin
https://www.reuters.com
content-length
21
vary
Origin
content-type
application/json
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&aip=1&a=1535783757&t=timing&_s=2&dl=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&dp=%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&ul=en-us&de=UTF-8&dt=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2446&pdt=30&dns=1&rrt=0&srt=342&tcp=62&dit=833&clt=833&_gst=458&_gbt=479&_cst=414&_cbt=452&_u=aHDAiEAjR~&jid=&gjid=&cid=646349505.1597270408&tid=UA-24152976-22&_gid=1537310197.1597270408&cd2=Cyberrisk&cd11=us-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals&cd4=Article%20-%20News&cd32=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&cd8=0&cd10=Slideshow&cd9=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&cd19=Page%20Load&cd7=Desktop&cd6=U.S.&cd5=Article&cd17=Jack%20Stubbs&cd3=Tentpoles%20-%20Cyberrisk&cd1=Tentpoles&cd13=529&cd18=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals&cd38=false&cd40=RCOMUS_Cyberrisk&cd41=us.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&cd42=USKCN24W25W&cd43=KCN24W25W&cd44=4&cd45=Fri%20Jul%2031%202020%2002%3A00%3A00%20GMT%2B0200%20(Central%20European%20Summer%20Time)&z=1980008549
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Aug 2020 10:32:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
128434
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ping
ping.chartbeat.net/
43 B
168 B
Image
General
Full URL
https://ping.chartbeat.net/ping?h=reuters.com&p=reuters.com%2Farticle%2Fus-cyber-cwt-ransom-idUSKCN24W25W&u=CpvMi_DrY6k4CRHp5o&d=reuters.com&g=52639&g0=Cyberrisk&g1=Jack%20Stubbs&g4=Article&n=1&f=00001&c=0&x=0&m=0&y=7286&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2446&t=DGl0QqCRmG4xCSm31ouiVIyBs7x6S&V=120&i=%27Payment%20sent%27%20-%20travel%20giant%20CWT%20pays%20%244.5%20million%20ransom%20to%20cyber%20criminals%20-%20Reuters&tz=-120&sn=1&sv=CXkdnTYNw2oC2bnJbs5TXmBzsiEW&sd=1&im=06679cf0&_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.30.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-30-192.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
pragma
no-cache
date
Wed, 12 Aug 2020 22:13:29 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
expires
0
r4xu.fla9.latest.js
embed.videodelivery.net/embed/ Frame 34D6
Redirect Chain
  • https://embed.videodelivery.net/embed/r4xu.fla9.latest.js?video=be3b786e735303106d9b7250897aa256
  • https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
806 KB
230 KB
Script
General
Full URL
https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:164b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb9ed631a71c48ca822486fd44614cebcff3e72ba9fc2f89998198cefadc78f3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
104
status
200
stream-dw-version
2020.8.2
timing-add-origin
*
cf-request-id
04865559b3000097e4ed02b200000001
last-modified
Wed, 12 Aug 2020 19:27:50 GMT
server
cloudflare
etag
W/"4808d3bc1430125112bf5b28631e6f5f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
content-type
application/javascript
cache-control
max-age=180
access-control-expose-header
cf-ray
cf-ray
5c1d8b3c5a9297e4-FRA
expires
Wed, 12 Aug 2020 22:09:18 GMT

Redirect headers

date
Wed, 12 Aug 2020 22:13:29 GMT
server
cloudflare
status
301
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
location
https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
strict-transport-security
max-age=15552000
cf-ray
5c1d8b3c3a6a97e4-FRA
content-length
0
cf-request-id
04865559a2000097e4ed029200000001
dianomi-video.css
www.dianomi.com/partner/dianomi/css/ Frame 34D6
9 KB
2 KB
Stylesheet
General
Full URL
https://www.dianomi.com/partner/dianomi/css/dianomi-video.css?v=2.19b
Requested by
Host: www.dianomi.com
URL: https://www.dianomi.com/js/videofeed-combined.js?id=123
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccba1dcc4fa5aad31dac453fcb66ddeaab49e321c14d65ff7c278a5e74e3dcd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
5030
cf-polished
origSize=12903
status
200
x-xss-protection
1; mode=block
last-modified
Thu, 28 May 2020 16:59:58 GMT
server
cloudflare
etag
W/"3267-5a6b84237464d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
expires
Thu, 13 Aug 2020 02:13:29 GMT
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-request-id
048655598f00000497990af200000001
cf-ray
5c1d8b3c191a0497-CDG
cf-bgj
minify
150x30.jpg
www.dianomi.com/img/a/sav2/168107/12/
1 KB
1 KB
Image
General
Full URL
https://www.dianomi.com/img/a/sav2/168107/12/150x30.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2276ebb245c02bb9f3f8095698e2e7eb74d7027e777d2e2436c31b36312cde4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
21609
cf-polished
qual=85, origFmt=jpeg, origSize=1750
status
200
content-disposition
inline; filename="150x30.webp"
cf-request-id
048655598f00000497990b0200000001
cf-bgj
imgq:85,h2pri
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=604800
access-control-allow-credentials
true
cf-ray
5c1d8b3c191c0497-CDG
expires
Wed, 19 Aug 2020 22:13:29 GMT
150x30.jpg
www.dianomi.com/img/a/sav2/168107/12/ Frame 34D6
1 KB
1 KB
Image
General
Full URL
https://www.dianomi.com/img/a/sav2/168107/12/150x30.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2276ebb245c02bb9f3f8095698e2e7eb74d7027e777d2e2436c31b36312cde4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
21609
cf-polished
qual=85, origFmt=jpeg, origSize=1750
status
200
content-disposition
inline; filename="150x30.webp"
cf-request-id
048655599000000497990b1200000001
cf-bgj
imgq:85,h2pri
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=604800
access-control-allow-credentials
true
cf-ray
5c1d8b3c191e0497-CDG
expires
Wed, 19 Aug 2020 22:13:29 GMT
dianomi-max-200x38.png
www.dianomi.com/img/ Frame 34D6
1 KB
2 KB
Image
General
Full URL
https://www.dianomi.com/img/dianomi-max-200x38.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70503c92bcbb8105d95ec4de2012f23098c3383586e95323e4b3384b56af4beb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
196810
cf-polished
origFmt=png, origSize=3940
status
200
content-disposition
inline; filename="dianomi-max-200x38.webp"
content-length
1164
x-xss-protection
1; mode=block
last-modified
Wed, 29 Jul 2020 16:53:11 GMT
server
cloudflare
etag
"f64-5ab97641e5c82"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 12 Sep 2020 08:13:29 GMT
cache-control
public, max-age=2628000
access-control-allow-credentials
true
cf-request-id
048655599000000497990b2200000001
accept-ranges
bytes
cf-ray
5c1d8b3c191f0497-CDG
cf-bgj
imgq:85,h2pri
/
s3.reutersmedia.net/resources/r/adinclude/
68 B
460 B
Image
General
Full URL
https://s3.reutersmedia.net/resources/r/adinclude/?m=02&d=20170520&t=2&i=3572511741&w=201&fh=&fw=&ll=&pl=&sq=2&r=CNHE5886.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.12 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-12.dus51.r.cloudfront.net
Software
ADFCDN/5.2.3 / AdDefend GmbH
Resource Hash
adfa0c7de03bc3bea3de80b4a4514881c8b6296568f43a5acd5cd7a16fffd1c9

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:29 GMT
via
1.1 4ba9d3779ca8afc198240a34dffb07c4.cloudfront.net (CloudFront)
server
ADFCDN/5.2.3
x-amz-cf-pop
DUS51-C1
x-powered-by
AdDefend GmbH
x-cache
Miss from cloudfront
content-type
image/png
status
200
cache-control
max-age=0, max-stale=0, must-revalidate, no-cache, no-store, no-transform, post-check=0, pre-check=0, private
accept-ranges
bytes
content-length
68
x-amz-cf-id
HwTFHSKQgV-qi4yd20EgXwXEbA6ULUCWf5fDeo_FoEC7U87gTUEDZw==
expires
0
/
www.facebook.com/tr/
0
83 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryYDCAxDBXBXAbmKwG

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Wed, 12 Aug 2020 22:13:29 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.reuters.com
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
2ce94e31-64ac-47cb-b135-306ced8887e6
https://www.reuters.com/ Frame 34D6
31 B
0
Other
General
Full URL
blob:https://www.reuters.com/2ce94e31-64ac-47cb-b135-306ced8887e6
Requested by
Host: embed.videodelivery.net
URL: https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
iframe-host-init-chunk.44862d57.chunk.js
embed.videodelivery.net/embed/ Frame 34D6
6 KB
3 KB
Script
General
Full URL
https://embed.videodelivery.net/embed/iframe-host-init-chunk.44862d57.chunk.js
Requested by
Host: embed.videodelivery.net
URL: https://embed.videodelivery.net/embed/r4xu.fla9.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:164b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f292774eb8270d3e7271ea7c7bdd95aaee07cbdfed7ff9c960f76b6c8380d8a0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
18
status
200
stream-dw-version
2020.8.2
timing-add-origin
*
cf-request-id
0486555a52000097e4ed035200000001
last-modified
Wed, 12 Aug 2020 17:25:27 GMT
server
cloudflare
etag
W/"e09fdc0f248755d05e76bca1e635534f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
content-type
application/javascript
cache-control
max-age=180
access-control-expose-header
cf-ray
cf-ray
5c1d8b3d5b3e97e4-FRA
expires
Wed, 12 Aug 2020 22:13:32 GMT
Speaker_Icon.svg
www.dianomi.com/img/icons/ Frame 34D6
1 KB
773 B
Image
General
Full URL
https://www.dianomi.com/img/icons/Speaker_Icon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a0a7048c91048d2c7ebadf647023c3218cb6d6a77b1bf3e73a49387073ffcde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
1501075
status
200
cf-request-id
0486555a6e00000497990be200000001
last-modified
Wed, 26 Sep 2018 11:17:57 GMT
server
cloudflare
etag
W/"54c-576c45fe077fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=2628000
access-control-allow-credentials
true
cf-ray
5c1d8b3d7b740497-CDG
expires
Sat, 12 Sep 2020 08:13:29 GMT
Mute_Icon.svg
www.dianomi.com/img/icons/ Frame 34D6
2 KB
1 KB
Image
General
Full URL
https://www.dianomi.com/img/icons/Mute_Icon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d17258ef212cb8d281097a87b379d7fd9de51ce6fe261329c37b431e623c5f54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
1501075
status
200
cf-request-id
0486555a6f00000497990bf200000001
last-modified
Wed, 26 Sep 2018 11:17:57 GMT
server
cloudflare
etag
W/"9fa-576c45fe050ec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=2628000
access-control-allow-credentials
true
cf-ray
5c1d8b3d7b7a0497-CDG
expires
Sat, 12 Sep 2020 08:13:29 GMT
iframe.fla9.98f0c7f.html
embed.videodelivery.net/embed/ Frame 31E7
0
0
Document
General
Full URL
https://embed.videodelivery.net/embed/iframe.fla9.98f0c7f.html?videoId=be3b786e735303106d9b7250897aa256
Requested by
Host: embed.videodelivery.net
URL: https://embed.videodelivery.net/embed/iframe-host-init-chunk.44862d57.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:164b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

:method
GET
:authority
embed.videodelivery.net
:scheme
https
:path
/embed/iframe.fla9.98f0c7f.html?videoId=be3b786e735303106d9b7250897aa256
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 12 Aug 2020 22:13:29 GMT
content-type
text/html
set-cookie
__cfduid=d3d631f9266ce8d1bde2f6ec6ae2bbb671597270409; expires=Fri, 11-Sep-20 22:13:29 GMT; path=/; domain=.videodelivery.net; HttpOnly; SameSite=Lax; Secure
cf-ray
5c1d8b3dab8897e4-FRA
age
3
cache-control
max-age=180
etag
W/"1e93e990cf2a1db7f6f092aae4a05cea"
expires
Wed, 12 Aug 2020 22:13:55 GMT
last-modified
Wed, 12 Aug 2020 19:27:56 GMT
cf-cache-status
HIT
access-control-expose-header
cf-ray
cf-request-id
0486555a88000097e4ed038200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
stream-dw-version
2020.8.2
timing-add-origin
*
vary
Accept-Encoding
strict-transport-security
max-age=15552000
server
cloudflare
content-encoding
gzip
container.html
8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 0003
0
0
Document
General
Full URL
https://8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-37/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
2973
date
Wed, 12 Aug 2020 22:13:29 GMT
expires
Thu, 12 Aug 2021 22:13:29 GMT
last-modified
Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
0
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/
71 KB
26 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
394415bedb33f0d07d610f1ac10439e12098d7a747aca0510cddabca81a9092d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1597059737948561"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27037
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:13:29 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame B6A4
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsulAzR0mK2ajOT7uxdM25rsUbCmxGXL32xIufIZJqbqbhvABOFSlaVJHrQrkSlNApC2MVzPTfXUcQ94GRc5RKvEpuJwEyCorEv5nT0G7WshfTUo-UjKz6hJlixLiCUKKtypi1Gh6_mScZ944MXpw7dXzyjTq7V6HBIXLfs0qsFKngDRmwZMpxfXN7xOJeRNGix_EDICQrjqh6FJ_45leDG94PEtRXbrhF_kSmwUvMv59vIR-Ld_zRn53E8ftvcQiMDfz2zvZCgOBB4_1k5YEPaPirJTnbf16nEylzhxhnU&sig=Cg0ArKJSzNmNoVCveGe2EAE&adurl=
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20200805/r20110914/ Frame B6A4
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20200805/r20110914/abg_lite_fy2019.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c53a73d64545befe969e606eef1df1c39fef33fe9ee72d34d1889d109fb04156
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 20:10:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
612207
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6967
x-xss-protection
0
server
cafe
etag
11533007830708205839
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 19 Aug 2020 20:10:02 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20200805/r20110914/client/ Frame B6A4
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20200805/r20110914/client/window_focus_fy2019.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57514090aa4e30755dfb478a8e596474b2c1dcb0c4258a6a2b324853d73840e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 13:30:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
117786
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
8966445102869121928
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 25 Aug 2020 13:30:23 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame B6A4
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c516c523ffceafbf9482017d73bbcea30b998c15ca9de148fc00514561daaf67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1597059737948561"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28328
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:13:29 GMT
moatad.js
z.moatads.com/reutersdfpcw319687550988/ Frame B6A4
307 KB
103 KB
Script
General
Full URL
https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
last-modified
Wed, 29 Jul 2020 14:58:25 GMT
server
AmazonS3
x-amz-request-id
6B2E5A9F85786C6C
etag
"06798e04d86839b070d5ea052c4d21a3"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=55372
accept-ranges
bytes
content-length
105048
x-amz-id-2
WQclpEDjRyfSFyQKfMJwG8uSC6uGzBdlhGkJMT/tinliTsY3ePsbTZiYFTfe6Mji7GU9nToWvYA=
2809486281500556186
tpc.googlesyndication.com/simgad/ Frame B6A4
74 KB
74 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2809486281500556186
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
abb74f2e09d41af3c60529e946e005787c0bfc69a5342862080a5c55de585c7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 10:53:40 GMT
x-content-type-options
nosniff
age
40789
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
76115
x-xss-protection
0
last-modified
Thu, 18 Jun 2020 15:57:48 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 Aug 2021 10:53:40 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 132B
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst8jdiahO9_vgrXJdbQNSFU9gqnUULj93SzijcJa01VeNQSGFXs_fq8tvBBXHZ_TNLGOepaEJcUVO6lYuJd2YXyUBi1lXc6LN14Y1WzQ5xQ6Nt0Exk3u7V6K4GsuLef9ML0esd3Bx_89FdwQ6cBpEH0qt5r9WgkEIgTm2MjuAIHPOVcQAk6diyAlbQguUEX5L4M1TgEWwCCCrpLHxeLtV1bXzgvQGH_4ohMH6NRtIPZ0XdRSm_bnMhjjAdW-D0EDj0Kl68Vlak889XlaU57BeXrDpm2WfUfjUMB_aSrTkk&sig=Cg0ArKJSzK4wan9AV2iEEAE&urlfix=1&adurl=
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:29 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
connatix.player.dc.js
cds.connatix.com/p/44385/ Frame 6B32
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/44385/connatix.player.dc.js
800 KB
198 KB
Script
General
Full URL
https://cds.connatix.com/p/44385/connatix.player.dc.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f9b0def9c2f40e6dd8149a4166a4364fb3c27337e9d3e63bfbc265ecaa1f9058

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
age
27621
x-cache
HIT, HIT
status
200
content-length
202778
x-served-by
cache-dca17776-DCA, cache-hhn4024-HHN
access-control-allow-origin
*
last-modified
Wed, 12 Aug 2020 13:58:48 GMT
x-timer
S1597270410.106002,VS0,VE0
etag
"078c3c9ab4ad1e400d37fa3dc7a4c768"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 2069

Redirect headers

date
Wed, 12 Aug 2020 22:13:30 GMT
via
1.1 varnish
server
Varnish
age
0
x-served-by
cache-hhn4024-HHN
status
302
x-cache
HIT
location
https://cds.connatix.com/p/44385/connatix.player.dc.js
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
x-timer
S1597270410.065565,VS0,VE0
content-length
0
retry-after
0
x-cache-hits
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 132B
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c516c523ffceafbf9482017d73bbcea30b998c15ca9de148fc00514561daaf67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1597059737948561"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28328
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:13:29 GMT
moatad.js
z.moatads.com/reutersdfpcw319687550988/ Frame 132B
307 KB
103 KB
Script
General
Full URL
https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
11558e1d027dc06afd27bf2613c169508a497d802019b0d97c417097977f00e8

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
last-modified
Wed, 29 Jul 2020 14:58:25 GMT
server
AmazonS3
x-amz-request-id
6B2E5A9F85786C6C
etag
"06798e04d86839b070d5ea052c4d21a3"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=55372
accept-ranges
bytes
content-length
105048
x-amz-id-2
WQclpEDjRyfSFyQKfMJwG8uSC6uGzBdlhGkJMT/tinliTsY3ePsbTZiYFTfe6Mji7GU9nToWvYA=
container.html
8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame E271
0
0
Document
General
Full URL
https://8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
8f658fb24ce33d7b8a7aba3eec669e30.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-37/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
2973
date
Wed, 12 Aug 2020 22:13:29 GMT
expires
Thu, 12 Aug 2021 22:13:29 GMT
last-modified
Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
0
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020080501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4af369f700659d91f26ff2c5a7cfc17767deaaa6a9b00cb7f6223a8b1a23645e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6170
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame B6A4
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvvSJQfhzK69mPfmjV37PYn1NbzBZGSVjmJpne-JxrWObgngz-gNKM_AWmuDfELWvwynQSLOe8adlMh01gpY2BpobKZXoIIiyvvKxdXTQGY7bwB_6HD-qF65Z_ygwneFArTSMu1mwS691O3oiZLeh424v8_3vbPWNXWEsdtTYChJgy5hxrOYUJ6rWdkN903wdat6w_Zfe0FgG4SKZPLLKy5BfOCMva-wPldIB672-BQx7N3s6glH06cDNfiyWcFxQm45o4jQWUtP7HdGk86VcQrvlgFv3Gau5fVCeVg-PcTEQ&sig=Cg0ArKJSzDoBzGBIPjd-EAE&adurl=
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:30 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame B6A4
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cf9a095f05407696dc2f2739ace708d69a89914588bd2308c43f4e2d5968b624

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
jload
pixel.adsafeprotected.com/ Frame BC30
46 KB
13 KB
Script
General
Full URL
https://pixel.adsafeprotected.com/jload?anId=10764&campId=728x90&pubId=20067072&chanId=247866432&placementId=5361866584&pubCreative=138314657807&pubOrder=2607453244&cb=907853758&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0978e7145fd8c72f405ca54132e94b35ffefb0b9b416eff00206694a4a545be4

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
x-server-name
app15.ie.303net.net
status
200
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
expires
Wed, 31 Dec 1969 23:59:59 GMT
truncated
/ Frame 132B
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
33cd59fdad56fccc91544c91eba435e9c22e29c2ca6b464dc2c4887340f150f6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
jload
pixel.adsafeprotected.com/ Frame EE2C
46 KB
13 KB
Script
General
Full URL
https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=426815577&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
828f9f1b9c8cd0767d76835370f81a90f6154cfe3f632c3ec205f8183a24f2b2

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
x-server-name
app19.ie.303net.net
status
200
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
expires
Wed, 31 Dec 1969 23:59:59 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020080501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Wed, 12 Aug 2020 22:13:30 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame D66B
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Wed, 12 Aug 2020 21:37:54 GMT
expires
Thu, 12 Aug 2021 21:37:54 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2136
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
beacon.min.js
beacon.s-onetag.com/
18 KB
6 KB
Script
General
Full URL
https://beacon.s-onetag.com/beacon.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:1600:5:9a4c:9b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d640ed39630d91dec61dcb107b977293ec29fecbb5e74467e017d872bf76b0db

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
iJO00mi5pglap2bW60H1GBGtloYAnC3A
content-encoding
gzip
last-modified
Thu, 09 Apr 2020 15:07:03 GMT
server
AmazonS3
age
139982
date
Tue, 11 Aug 2020 07:20:29 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=172800
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
YtnicvyUOBqI1AgmZKZ89QFLZRXVeFhZObFnVE35qzfjcbSwR1e95Q==
via
1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
5361866584
dfp-gateway.s-onetag.com/1/4735792/
110 B
582 B
XHR
General
Full URL
https://dfp-gateway.s-onetag.com/1/4735792/5361866584
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-85.dus51.r.cloudfront.net
Software
/
Resource Hash
c249785389db80243503114f46bee572871297bbe904ebbaf64715ac42432a4d

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 14:31:20 GMT
via
1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront), 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
age
27730
x-amzn-requestid
a4d67f02-c082-4d95-94dd-24413aaf988f
status
200
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amzn-trace-id
Root=1-5f33fd38-c5e4b8542f72c20f9b65dc69;Sampled=0
x-amz-cf-pop
FRA6-C1, DUS51-C1
x-amz-apigw-id
RKSAxH2QCYcFmbA=
content-length
110
x-amz-cf-id
jJRfDKtCjMaTnZd4OMD56Ay-Xm4kyBWcXlm6VqybjSU5LNHeRyxqJA==
4806613891
dfp-gateway.s-onetag.com/1/4735792/
114 B
581 B
XHR
General
Full URL
https://dfp-gateway.s-onetag.com/1/4735792/4806613891
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/4ed1416f-67eb-4d50-8a45-916a5921fee8/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-85.dus51.r.cloudfront.net
Software
/
Resource Hash
698a0d14189cdfa590d112b056e978324c551080f63a9e0b340b6f1b204af296

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:29:21 GMT
via
1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront), 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
age
2649
x-amzn-requestid
207f4e37-ad94-4b2a-a6b1-7251f0796d5d
status
200
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amzn-trace-id
Root=1-5f345f31-7e59d9250bddb0639e0eed51;Sampled=0
x-amz-cf-pop
FRA6-C1, DUS51-C1
x-amz-apigw-id
RLPPuEmXiYcFlpw=
content-length
114
x-amz-cf-id
__QKEarFanT5BWrZoLX8sKsy7r59anfj5wBOKXZzHXgBtsVrKPY8oA==
n.js
geo.moatads.com/
110 B
283 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=4007238046&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbjBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=OP%3C1B.%5BH%3BR&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=REUTERSDFPCW3&hp=1&wf=1&vb=4&cm=23&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1597270410195&de=358734715120&m=0&ar=2bf682d4aa-clean&iw=4490aac&q=2&cb=0&ym=0&cu=1597270410195&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=20067072%3A2607453244%3A5361866584%3A138314657807&zMoatTP=leaderboard&zMoatStory=0&zMoatAU=%2F4735792%2Fus.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&zMoatRawSlicer1=3735912&zMoatRawSlicer2=247866432&zMoatReutersSlicer1=3735912&zMoatReutersSlicer2=247866432&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&id=1&ii=4&zMoatBlacklist=true&bo=3735912&bd=247866432&zMoatOrigSlicer1=3735912&zMoatOrigSlicer2=247866432&dfp=0%2C1&la=247866432&gw=reutersdfpcw319687550988&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A751%3A751%3A2450%3A833&fs=183324&na=1772564035&cs=0&callback=DOMlessLLDcallback_92823798
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.10.67.84 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-67-84.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
9dd9711aada67e319aa82d18c1bf5cdcd77b30a740994f768b8a8be4c6b78e94

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
server
TornadoServer/4.5.3
etag
"cf72b90164d9e11822c3b033a011da064a7123f9"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
110
n.js
geo.moatads.com/
114 B
288 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=4007238046&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbjBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=OP%3C1B.%5BH%3BR&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=REUTERSDFPCW3&hp=1&wf=1&vb=4&cm=23&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1597270410195&de=358734715120&m=0&ar=2bf682d4aa-clean&iw=4490aac&q=3&cb=0&ym=0&cu=1597270410195&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=20067072%3A2607453244%3A5361866584%3A138314657807&zMoatTP=leaderboard&zMoatStory=0&zMoatAU=%2F4735792%2Fus.reuters%2Ftentpoles%2Fcyberrisk%2Farticle&zMoatRawSlicer1=3735912&zMoatRawSlicer2=247866432&zMoatReutersSlicer1=3735912&zMoatReutersSlicer2=247866432&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&id=1&ii=4&zMoatBlacklist=true&bo=3735912&bd=247866432&zMoatOrigSlicer1=3735912&zMoatOrigSlicer2=247866432&dfp=0%2C1&la=247866432&gw=reutersdfpcw319687550988&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A751%3A751%3A2450%3A833&fs=183324&na=279263940&cs=0&callback=MoatDataJsonpRequest_92823798
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/reutersdfpcw319687550988/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.10.67.84 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-67-84.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
ff13950dbfb2aa65ec445b66f58bc6da80e50c786d94e9cd025a29ab66f09b33

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
server
TornadoServer/4.5.3
etag
"0beccec44821b753b245091cf890156c753b707f"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
114
connatix.player.css
cds.connatix.com/p/44385/
49 KB
8 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/44385/connatix.player.css
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ce2ba098bd8570d95c60d33cc035ee6764193c8ff7e0d7a531d0e1e98e9ad592

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
age
27622
x-cache
HIT, HIT
status
200
content-length
8095
x-served-by
cache-dca17739-DCA, cache-hhn4024-HHN
access-control-allow-origin
*
last-modified
Wed, 12 Aug 2020 13:58:48 GMT
x-timer
S1597270410.388294,VS0,VE0
etag
"880884ab75ace2385f14bd369f4ab798"
vary
Accept-Encoding
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 2351
view
securepubads.g.doubleclick.net/pcs/ Frame 132B
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssSLlB_gwMcovpGEbD8b_E4d8Bxkaz1riv4mrQK5Xp8C_3d_ZZ8syCWOHnRYuV9M49I9BSta9okuA0WLa8706JCjZIqj8oPqF69YPOy9ud4eoczcXeVjxx8-vFAx8RIKFxqwLO4r-wMq1LosfGyDZlURzAJ1JUxPRvLMR5FLJPI_mX1evqlaUmpipBNCEUd5aKC9e4WXiVYbDzqzCARb9KJlP1r96dtRgDXVMBSLaJ3Qa5FQN11Nah3fm9ynA-fOI6PGJM3c0Z_PrFFOmgYIN_njGVm3OLsZQvdY2wlHCb4VA&sig=Cg0ArKJSzC60x42xYnbREAE&urlfix=1&adurl=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 12 Aug 2020 22:13:30 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
main.gr.19.8.111.js
static.adsafeprotected.com/ Frame BC30
172 KB
55 KB
Script
General
Full URL
https://static.adsafeprotected.com/main.gr.19.8.111.js
Requested by
Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=728x90&pubId=20067072&chanId=247866432&placementId=5361866584&pubCreative=138314657807&pubOrder=2607453244&cb=907853758&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
34cdb6307b099bbbbe4bd77a40fc926d20d665f864aa629a060a8348eeb1df58

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 15:21:00 GMT
content-encoding
gzip
age
111150
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
last-modified
Tue, 11 Aug 2020 15:04:59 GMT
server
AmazonS3
etag
W/"fc8b8074cb052ac77c1348a5b1d26a7a"
vary
Accept-Encoding
x-amz-version-id
mbfh50bvtCpFumq34uSouA0rbdqMfBTn
via
1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
DUS51-C1
content-type
application/javascript
x-amz-cf-id
cuZGvxyNPjlhEC12oStSY3vS2Bo1HCRSDeze0HQiEeMX5AMZQAKX4Q==
main.gr.19.8.111.js
static.adsafeprotected.com/ Frame EE2C
172 KB
55 KB
Script
General
Full URL
https://static.adsafeprotected.com/main.gr.19.8.111.js
Requested by
Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=426815577&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
34cdb6307b099bbbbe4bd77a40fc926d20d665f864aa629a060a8348eeb1df58

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 15:21:00 GMT
content-encoding
gzip
age
111150
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
last-modified
Tue, 11 Aug 2020 15:04:59 GMT
server
AmazonS3
etag
W/"fc8b8074cb052ac77c1348a5b1d26a7a"
vary
Accept-Encoding
x-amz-version-id
mbfh50bvtCpFumq34uSouA0rbdqMfBTn
via
1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
DUS51-C1
content-type
application/javascript
x-amz-cf-id
SDlO2bWBVKyF2ykSoyaJZ8pvLWi6rNgG5AJJX0nGaqG4cn0ZRe94kA==
pls
capi.connatix.com/core/ Frame 6B32
2 KB
2 KB
XHR
General
Full URL
https://capi.connatix.com/core/pls?v=44385
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.189.233.21 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-189-233-21.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
16e17153717305657ce5f252f8dda31ce9c2a90691bca1907d95affdb9ec0319

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Wed, 12 Aug 2020 22:13:30 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.reuters.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1289
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=29&fi=1&apd=57&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=20067072&L2id=2607453244&L3id=5361866584&L4id=138314657807&S1id=3735912&S2id=247866432&ord=1597270410195&r=358734715120&t=meas&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:30 GMT
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=29&fi=1&apd=57&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=20067072&L2id=2607453244&L3id=5361866584&L4id=138314657807&S1id=3735912&S2id=247866432&ord=1597270410195&r=358734715120&t=fv&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:30 GMT
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=139&fi=1&apd=167&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=20067072&L2id=2607453244&L3id=5361866584&L4id=138314657807&S1id=3735912&S2id=247866432&ord=1597270410195&r=358734715120&t=hdn&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:30 GMT
sca.17.4.114.js
static.adsafeprotected.com/ Frame A7BF
81 KB
22 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.4.114.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 30 Jun 2020 05:16:22 GMT
content-encoding
gzip
age
3776229
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 Jan 2020 23:54:54 GMT
server
AmazonS3
vary
Accept-Encoding
x-amz-version-id
gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via
1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
DUS51-C1
content-type
application/javascript
x-amz-cf-id
Anxfhm9sl4tkh9W4d3hX9F7o7fDCfG9n5_FCXIU5oDiNhgciAvKFlg==
mon
pixel.adsafeprotected.com/
43 B
216 B
Image
General
Full URL
https://pixel.adsafeprotected.com/mon?anId=10764&campId=728x90&pubId=20067072&chanId=247866432&placementId=5361866584&pubCreative=138314657807&pubOrder=2607453244&cb=907853758&custom=leaderboard&custom2=&custom3=0&adsafe_par&impId=&adsafe_url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&adsafe_type=abdfq&adsafe_jsinfo=,id:bcd7e8e9-215a-2df2-32b3-8a57a9e83487,c:ldqyn8,sl:inView,em:true,fr:true,mn:app15ie,pt:1-5-15,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,pl:,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:90,oid:0d985864-dce9-11ea-93cd-0a320acf4edc,v:19.8.111,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
x-server-name
app05.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
status
200
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
sca.17.4.114.js
static.adsafeprotected.com/ Frame BE40
81 KB
22 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.4.114.js
Requested by
Host: www.reuters.com
URL: https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 30 Jun 2020 05:16:22 GMT
content-encoding
gzip
age
3776229
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 Jan 2020 23:54:54 GMT
server
AmazonS3
vary
Accept-Encoding
x-amz-version-id
gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via
1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
DUS51-C1
content-type
application/javascript
x-amz-cf-id
U5tvWZtkELTqFpNu3BElQwtOnJi2-YhRhRSgp0hNZt6RPwOKEVSdEA==
mon
pixel.adsafeprotected.com/
43 B
216 B
Image
General
Full URL
https://pixel.adsafeprotected.com/mon?anId=10764&campId=1100x420&pubId=20159232&chanId=247866432&placementId=4806613891&pubCreative=138288736159&pubOrder=453477432&cb=426815577&custom=connatix&custom2=20000&custom3=0&adsafe_par&impId=&adsafe_url=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&adsafe_type=abdfq&adsafe_jsinfo=,id:ec80aae8-d758-c9fe-5001-675733b60998,c:ldqynG,sl:outOfView,em:true,fr:true,mn:app19ie,pt:1-5-15,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:s7uvRAo+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b1|1b2|1c*.10764|1c1|1c2|1d1|1d2|1e|1f,idMap:1c*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:120,oid:0d985890-dce9-11ea-be7c-068792706006,v:19.8.111,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.116.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-116-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
x-server-name
app06.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
status
200
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=ec80aae8-d758-c9fe-5001-675733b60998&tv={c:ldqynH,pingTime:-8,time:121,type:l,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:121,n:0,pp:0,pm:0},slEvents:[{sl:o,t:120,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[8~0],as:[8~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uvRAo+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b1|1b2|1c*.10764|1c1|1c2|1d1|1d2|1e|1f,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:30 GMT
X-Server-Name
dt81dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqynO,pingTime:0,time:131,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:131,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[61~100],as:[61~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:30 GMT
X-Server-Name
dt76dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
gen_204
pagead2.googlesyndication.com/pagead/
0
55 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020080501&jk=1569345106797626&bg=!VlWlVU1Y5vtn8rhwZwoCAAAAXVIAAAASmQGmV-2cBnPqyLFIb8hm_sxziFuVfvnsN1-p63QkwCrRSyrQ0WWdOxl073OZD3SA4YvQ1kFdeLCT7Dy-a4wczdoGxMiSvNDS87-rnWcLGBcGo0_mgrVwRu2PorHfKqTxiUIeak-lFQMv1RKcvBUpPsNrm-IjQyiLfiWFDTVHCBDAMwY-Cn0eOeL0QK3V8T3VfV8lBFJ1X2cvmMndl2rBpRsxubtGOEDegxxCM_8MFonlQeh1LSJeDVjLoCAbO8SaWBJp3STnbKBPh-NDQdJDf0OfNV62VemvcV9Omk4HutRqvVeh1y9nNz_OEfigJ1Ol252b1Sm1P5bkE6PZ2zs3YE35QqZC4iJIfblrDRYxIL0IuBtm_xFVPMpviLBkQfs7Ak_N5SVXCphKZp5ZBfvPjVcErVuM8Oo6ZgCY7lrFWu-v0IyNprXF1NnH0q-yRjKvrrlY49TdCig8_KBuRw_Kapf2CSrwu2ne7-VvtM3GqIgVse1LvgrASjPkw4u3zUoeO9OoTYZjHBMLDpXsAcjwr0ochpv26k0grRWJ_dAOL7rO6kvMwC_xCCs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyo2,pingTime:-2,time:145,type:a,im:{sf:0,pom:1,prf:{beA:407,beZ:408,mfA:472,cmA:473,inA:473,inZ:480,prA:480,prZ:487,si:497,poA:497,poZ:509,cmZ:509,mfZ:509,loA:538,loZ:540,ltA:551,ltZ:551}},sca:{dfp:{df:4,sz:728.90,dom:div}},env:{cca:true,ccd:{version:1,uspString:1---},gca:true,gca2:false},clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:145,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[75~100],as:[75~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs,slid:[google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_1,google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_1__container__,canvas_leaderboard_5556107408761597_USKCN24W25W],sinceFw:53,readyFired:true}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:30 GMT
X-Server-Name
dt92dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=ec80aae8-d758-c9fe-5001-675733b60998&tv={c:ldqyo4,pingTime:-2,time:144,type:a,im:{sf:0,pom:1,prf:{beA:359,beZ:361,mfA:471,cmA:471,inA:471,inZ:473,prA:473,prZ:476,si:479,poA:480,poZ:485,cmZ:485,mfZ:485,loA:495,loZ:496,ltA:503,ltZ:503}},sca:{dfp:{df:4,sz:1100.420,dom:div}},env:{cca:true,ccd:{version:1,uspString:1---},gca:true,gca2:false},clog:[{piv:0,vs:o,r:l,w:1100,h:420,t:120}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:144,n:0,pp:0,pm:0},slEvents:[{sl:o,t:120,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[31~0],as:[31~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uvRAo+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b1|1b2|1c*.10764|1c1|1c2|1d1|1d2|1e|1f,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn,slid:[google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_2,google_ads_iframe_/4735792/us.reuters/tentpoles/cyberrisk/article_2__container__,dpslot_connatix_3774482_USKCN24W25W,USKCN24W25W],sinceFw:23,readyFired:true}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:30 GMT
X-Server-Name
dt58dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyoJ,time:188,type:e,env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:188,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[119~100],as:[119~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:30 GMT
X-Server-Name
dt93dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=ec80aae8-d758-c9fe-5001-675733b60998&tv={c:ldqyoK,time:186,type:e,env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:186,n:0,pp:0,pm:0},slEvents:[{sl:o,t:120,wc:0.0.1600.1200,ac:258.3609.1100.420,am:i,cc:258.3609.1100.420,piv:0,obst:0,th:0,reas:l,bkn:{piv:[74~0],as:[74~1100.420]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:s7uvRAo+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b1|1b2|1c*.10764|1c1|1c2|1d1|1d2|1e|1f,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:30 GMT
X-Server-Name
dt33dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=340&fi=1&apd=368&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=20067072&L2id=2607453244&L3id=5361866584&L4id=138314657807&S1id=3735912&S2id=247866432&ord=1597270410195&r=358734715120&t=nht&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:30 GMT
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyt7,pingTime:-10,time:460,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220202020222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDEyfHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1597270410868||c0c4cbf44afccd28091dd03bfd8660ce||71ff54ebddb1e090fbf173d96e2342c8||78ad8b362678058588dbfe0420e6d582||8667907afc8c43aebadcb4c827984a8c||1bd3524cf813bdbcaf8efaeefd1a7c26||fe3bada7cbc260228336c37f8b45967b||962539fe8b79a8801054ea097356aa38||1576000828}
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:31 GMT
X-Server-Name
dt81dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
connatix.player.css
cds.connatix.com/p/44385/ Frame 132B
49 KB
8 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/44385/connatix.player.css
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ce2ba098bd8570d95c60d33cc035ee6764193c8ff7e0d7a531d0e1e98e9ad592

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:30 GMT
content-encoding
gzip
age
27622
x-cache
HIT, HIT
status
200
content-length
8095
x-served-by
cache-dca17739-DCA, cache-hhn4024-HHN
access-control-allow-origin
*
last-modified
Wed, 12 Aug 2020 13:58:48 GMT
x-timer
S1597270411.921089,VS0,VE0
etag
"880884ab75ace2385f14bd369f4ab798"
vary
Accept-Encoding
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 2352
sr
capi.connatix.com/tr/ Frame 6B32
0
324 B
XHR
General
Full URL
https://capi.connatix.com/tr/sr?v=44385
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.189.233.21 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-189-233-21.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Wed, 12 Aug 2020 22:13:31 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.reuters.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
2_media.bin
vid.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/ Frame 6B32
626 B
737 B
XHR
General
Full URL
https://vid.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/2_media.bin
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5b548c55cb99a60bc5d2ed82331220dd5363894f1d0f6a98900b486ce9e85d3b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:31 GMT
content-encoding
gzip
age
36666
x-cache
HIT, HIT
status
200
content-length
473
x-served-by
cache-bwi5139-BWI, cache-hhn4077-HHN
last-modified
Wed, 12 Aug 2020 10:14:12 GMT
x-timer
S1597270411.093368,VS0,VE0
etag
"27a89cdf78269413f6c8725934546be9"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
3, 38
truncated
/ Frame 132B
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 132B
715 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
ps
capi.connatix.com/tr/ Frame 6B32
0
324 B
XHR
General
Full URL
https://capi.connatix.com/tr/ps?v=44385
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.189.233.21 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-189-233-21.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Wed, 12 Aug 2020 22:13:31 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.reuters.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
ao
capi.connatix.com/tr/ Frame 6B32
0
324 B
XHR
General
Full URL
https://capi.connatix.com/tr/ao?v=44385
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.189.233.21 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-189-233-21.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Wed, 12 Aug 2020 22:13:31 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.reuters.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/ Frame 132B
15 KB
15 KB
Image
General
Full URL
https://img.connatix.com/527c8473-6656-49ea-aa01-5c870b9999f4/1_th.jpg?crop=755:425,smart&width=755&height=425&format=jpeg&quality=60&fit=crop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eaad44637697425c5c17e2f974faf574cd5d522e2410405fa462331e4b79a313

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:13:31 GMT
via
1.1 varnish, 1.1 varnish
age
36699
x-cache
HIT, HIT
fastly-io-info
ifsz=90313 idim=2562x1440 ifmt=jpeg ofsz=15142 odim=755x425 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
15165
x-served-by
cache-dca17757-DCA, cache-hhn4024-HHN
x-timer
S1597270411.141001,VS0,VE0
etag
"+y83qt+C6ti64aLGZ2xKT8hLAQe6wDBjyPXlPJvNgXI"
vary
Accept
x-amz-request-id
4137AC3EA453C855
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
2, 2
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=176&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1597270410392&r=549096976740&t=meas&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:31 GMT
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=176&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1597270410392&r=549096976740&t=nht&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:31 GMT
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=200&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=reuters.com&L1id=20159232&L2id=453477432&L3id=4806613891&L4id=138288736159&S1id=3735912&S2id=247866432&ord=1597270410392&r=549096976740&t=hdn&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:31 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B6A4
42 B
107 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuxk6_DEjLbff2h5L60istuNQgjZHmsnnXUNwPyKdzk_AZCo8vu3AMyaMh9yVv5Iu4aGP8Pr3nDyyDgEgxR5dRW65rkvKwkVFXtGSag3xA&sig=Cg0ArKJSzA9jez1t4x0QEAE&adk=2151472195&tt=-1&bs=1600%2C1200&mtos=1008,1008,1008,1008,1008&tos=1114,0,0,0,0&p=92,436,182,1164&mcvt=1008&rs=0&ht=0&tfs=7&tls=1455&mc=1&lte=1&bas=0&bac=0&met=mue&avms=nio&exg=1&md=2&btr=0&cpmav=0&lm=2&rst=1597270409965&dlt&rpt=135&isd=0&msd=0&xdi=0&ps=1600%2C7995&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-13-5-12-12-0-0-0&tvt=1451&is=728%2C90&iframe_loc=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-cwt-ransom%2Fpayment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W&r=v&id=osdim&vs=4&uc=13&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=728x90&itpl=3&v=20200810
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
reutersdfpcw319687550988.s.moatpixel.com/
43 B
253 B
Image
General
Full URL
https://reutersdfpcw319687550988.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1023&tet=1196&fi=1&apd=1224&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=reuters.com&L1id=20067072&L2id=2607453244&L3id=5361866584&L4id=138314657807&S1id=3735912&S2id=247866432&ord=1597270410195&r=358734715120&t=iv&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 22:13:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 12 Aug 2020 22:13:31 GMT
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyE0,pingTime:1,time:1135,type:p,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1135,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1065~100],as:[1065~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:236,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:31 GMT
X-Server-Name
dt81dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyE1,pingTime:1,time:1136,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1136,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1066~100],as:[1066~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:236,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:31 GMT
X-Server-Name
dt33dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyE1,pingTime:1,time:1136,type:c,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1136,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1067~100],as:[1067~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:236,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs,metricId:publ1,cmr:t}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:31 GMT
X-Server-Name
dt93dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqyE2,pingTime:1,time:1137,type:c,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1137,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1067~100],as:[1067~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:236,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs,metricId:grpm1,cmr:t}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:31 GMT
X-Server-Name
dt58dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=ec80aae8-d758-c9fe-5001-675733b60998&tv={c:ldqyGv,pingTime:-10,time:1287,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220202020222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDEyfHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1597270410868||c0c4cbf44afccd28091dd03bfd8660ce||71ff54ebddb1e090fbf173d96e2342c8||78ad8b362678058588dbfe0420e6d582||8667907afc8c43aebadcb4c827984a8c||1bd3524cf813bdbcaf8efaeefd1a7c26||fe3bada7cbc260228336c37f8b45967b||962539fe8b79a8801054ea097356aa38||1576000828,sca:{spg:bcd7e8e9-215a-2df2-32b3-8a57a9e83487}}
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:31 GMT
X-Server-Name
dt58dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqzGt,pingTime:5,time:5132,type:p,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5132,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[5062~100],as:[5062~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:147,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:35 GMT
X-Server-Name
dt58dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
308 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=10764&asId=bcd7e8e9-215a-2df2-32b3-8a57a9e83487&tv={c:ldqzGt,pingTime:5,time:5132,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:89}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5132,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:89,wc:0.0.1600.1200,ac:436.92.728.90,am:i,cc:436.92.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[5062~100],as:[5062~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:147,fm:s7uvRAl+11|12|13|14|15|16|1711|18|19|1a1|1a2|1b*.10764|1b1|1c.10764|1c1|1c2|1d1|1d2|1e|1f1,idMap:1b*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
daldt.adsafeprotected.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 12 Aug 2020 22:13:35 GMT
X-Server-Name
dt33dal.dal.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
st
capi.connatix.com/tr/ Frame 6B32
0
324 B
XHR
General
Full URL
https://capi.connatix.com/tr/st?v=44385
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/44385/connatix.player.dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.189.233.21 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-189-233-21.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Wed, 12 Aug 2020 22:13:38 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.reuters.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
/
onetag-geo.s-onetag.com/
24 B
437 B
XHR
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-120.dus51.r.cloudfront.net
Software
/
Resource Hash
832312c7524d4dc8ad8e094f91681e6072314b1e2193fe0bf789997b42f6fa8f

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 21:55:18 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront), 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront)
age
1102
x-amzn-requestid
c33c7d58-3a61-49ab-a306-2e8634cafdaf
status
200
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA6-C1, DUS51-C1
x-amz-apigw-id
RLTDCGUTCYcFZMQ=
content-length
24
x-amz-cf-id
ZDpp5kRmgZydZTJSs4JfX_S0OgaFuuCgyv3fJKjVREJrWy9Tkpg9gw==
EU
onetag-geo-grouping.s-onetag.com/regionalbloc/
1 KB
828 B
XHR
General
Full URL
https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by
Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.96 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-96.dus51.r.cloudfront.net
Software
restify /
Resource Hash
6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:03:53 GMT
content-encoding
gzip
server
restify
age
587
status
200
vary
Accept-Encoding,origin
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
https://www.reuters.com
access-control-expose-headers
api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control
max-age=86400
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
TQjuU7oYQgpt4pk2UOX2yLC0RA7djVJWrBqDtz-kZroOEGRIPn8UNQ==
via
1.1 8033f9c6b87a03b2eca7c2db5157e10e.cloudfront.net (CloudFront)
EU
onetag-geo-grouping.s-onetag.com/regionalbloc/
1 KB
827 B
XHR
General
Full URL
https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by
Host: beacon.s-onetag.com
URL: https://beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.96 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-96.dus51.r.cloudfront.net
Software
restify /
Resource Hash
6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Referer
https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 22:03:53 GMT
content-encoding
gzip
server
restify
age
587
status
200
vary
Accept-Encoding,origin
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
https://www.reuters.com
access-control-expose-headers
api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control
max-age=86400
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
ne_HwdUD0qXFAftQn8k9rixcjrIVOpHJ4t7rpnmm9NNaNjgcOD66EQ==
via
1.1 8033f9c6b87a03b2eca7c2db5157e10e.cloudfront.net (CloudFront)

195 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| analytics object| dataLayer object| google_tag_manager function| postscribe string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_optimize object| Reuters object| parallelMediaHosts object| tag object| firstScriptTag object| player function| onYouTubeIframeAPIReady function| onPlayerPlaybackQualityChange function| onPlayerReady function| onPlayerStateChange object| player2 function| onYouTubeIframeAPIReady2 function| onPlayerReady2 function| onPlayerPlaybackQualityChange2 function| onPlayerStateChange2 object| player3 function| onYouTubeIframeAPIReady3 function| onPlayerReady3 function| onPlayerPlaybackQualityChange3 function| onPlayerStateChange3 object| player4 function| onYouTubeIframeAPIReady4 function| onPlayerReady4 function| onPlayerPlaybackQualityChange4 function| onPlayerStateChange4 object| player5 function| onYouTubeIframeAPIReady5 function| onPlayerReady5 function| onPlayerPlaybackQualityChange5 function| onPlayerStateChange5 object| player7 function| onYouTubeIframeAPIReady7 function| onPlayerReady7 function| onPlayerPlaybackQualityChange7 function| onPlayerStateChange7 undefined| script function| $ function| jQuery object| _sf_async_config number| _sf_startpt object| __core-js_shared__ object| RTVEmbedder object| _cb_shared object| RCOM_Data function| webpackJsonp object| core object| scrollMonitor object| gptadslots object| googletag function| setImmediate function| clearImmediate function| initBootstrap object| evidon function| __cmp function| __uspapi object| bootstrap function| renderComponent function| VCSFNdd object| jvrkl259Flags string| jvrkl1c4Rnd function| VCSFNTrkFailed object| jvrkld0d2tc function| commonPopup boolean| jvrkle24sdl boolean| jvrkle24sdln string| jvrkld0d2genat string| jvrkld0d2sthash boolean| jvrkl4cbforceimp object| article_date object| author object| content_channel object| keywords object| tp boolean| jvrklb29Body object| _cbm object| YT 
object| YTConfig function| onYTReady object| diagPixSentCodes object| __iasPET object| __iasAdRefreshConfig string| dianomiContextHost function| dianomiLoadContext function| dianomiContextSetHeight function| dianomiContextSetWidth function| dianomiContextSetFloat function| iframebuster function| videoMPU function| dianomiContextElement function| dianomiReloadContext function| dianomiContextReady function| _fbq function| fbq function| Tracktor function| normalize object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportLogPayloadsQueue_ object| ytLoggingTransportGELQueue_ object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| lazyLoadOptions function| ___tp object| TRUE_ANTHEM string| __tpVersion object| jQuery112409168724273555802 object| SWG function| _extends function| LazyLoad string| segment_user_id object| e number| abp object| _comscore function| getValuesGWIQ object| advBidxc object| PianoESPConfig function| udm_ object| ns_p object| COMSCORE object| $jscomp function| MIIScriptCtrl object| gwiq function| _mR function| _mD string| TB4M82W string| T645KQG object| ggeac object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing string| article_platform string| article_edition number| __google_ad_urls_id number| google_unique_id number| _sf_endpt function| getCookie boolean| jvrklb4fDetect object| jvrkld79Mobile object| jvrkld0d21 object| jvrkld0d2o1 object| jvrkld0d2o2 object| jvrkld0d2o3 object| jvrkld0d22 number| jvrkld0d2d3 object| jvrkld0d24 object| jvrkld0d25 boolean| jvrkl422ij object| pSUPERFLY_mab object| _cbq object| pSUPERFLY object| pSUPERFLY_video 
object| _cbv_strategies object| _cbv object| header object| footer object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| __onetag object| __connect boolean| jvrkl431Track object| Moat#G26 boolean| Moat#EVA object| MoatSuperV26 object| DOMlessLLDcallback_92823798 object| MoatDataJsonpRequest_92823798 object| cnx_usr_storage object| google_image_requests object| __IntegralASExec

12 Cookies

Domain/Path Name / Value
.reuters.com/ Name: _gat
Value: 1
.reuters.com/ Name: _fbp
Value: fb.1.1597270409150.1389721253
www.reuters.com/ Name: mnet_session_depth
Value: 1%7C1597270408769
.reuters.com/ Name: xbc
Value: %7Bjzx%7DaDgHBcHto3SYFqkc2Wn5DAKZUnPR0slugavoMmFiGkDNq308yMxi-925TxHVYBHKQcmpUc6u5Js4Rxes92m4vDkd-8Aoj3bt9xJ6HnTtWlq3ukhZaEQ3wgo34yCsLGmdO6N1WgooRoOz6fL-h1EiMw
.reuters.com/ Name: __pvi
Value: %7B%22id%22%3A%22v-2020-08-13-00-13-28-488-uR3YSk0XfWOwLWHX-6aaa2b71454066fe37c59fd6bf532167%22%2C%22domain%22%3A%22.reuters.com%22%2C%22time%22%3A1597270408630%7D
.reuters.com/ Name: _gid
Value: GA1.2.1537310197.1597270408
.reuters.com/ Name: __pat
Value: -14400000
.reuters.com/ Name: __tbc
Value: %7Bjzx%7Dyo9xUxAKwg32SeQvuAZGbb5pOGBcEd2eMUB4H998ludc_6bFhgscDWgce5wiD0OHaNENLCNY9UpeVjxT1hOSa6g08UW23NMQV3_NleT0sN8L9_6-zGWIkt5ibSllrVjDHzyVzbU0qDL8Htc3rl51Vg
www.reuters.com/ Name: usprivacy
Value: 1---
.reuters.com/ Name: ajs_anonymous_id
Value: %22fbf9447f-7262-475b-b1f6-90c7eb2f00b2%22
.reuters.com/ Name: _ga
Value: GA1.2.646349505.1597270408
www.reuters.com/ Name: _cb_ls
Value: 1

19 Console Messages

Source Level URL
Text
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
Init Bootstrap with config [object Object]
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 7)
Message:
BODY ITEMS [object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
###### ias setup complete
console-api log (Line 1)
Message:
Blocking Ads: No
console-api log (Line 1)
Message:
comscore new global fired
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
[object Object]
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 7)
Message:
bootstrap getResults: [object Object]
console-api log URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 17)
Message:
videoAd id 4729 el [object HTMLDivElement] data [object Object]
console-api log URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 17)
Message:
IO Script Loaded
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
Setup media.net with GDPR consent declined
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
GPT SET ADMANTX: AccentureAPAC_Negative,Artificial_Intelligence,Barclays,Barclays_2,Boeing_Neg,BofA_Neg,BofA_Neg_Topics,CME_Negative,Cognizant_Coronavirus_3,DIT_Negative_kw1,DWA-Cisco-Coronavirus,Exxon_Negative,FRB,GoldmanSachs,IBM,JPMorgan_Neg,JuliusBaer2020_FinancialPlanning-2,MSFT_Neg,MarcusUSDeposits_1,Mobkoi_FB_Negative,Negative_Keywords_3.2,SaudiAramco_Negative,TradeWeb_AiEx,WorkdayPG_Neg
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
GPT SET FOR NON-PERSONALIZED ADS
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
GPT SET FOR RESTRICTED DATA PROCESSING
console-api log URL: https://static.reuters.com/resources_v2/react/CKB-23169-b72/common.bundle.js(Line 14)
Message:
GPT ENABLE SERVICES
console-api log (Line 2)
Message:
segment identify user with traits: [object Object]
console-api log URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 17)
Message:
It's cloudflare
console-api warning URL: https://embed.videodelivery.net/embed/r4xu.fla9.latest.js(Line 13)
Message:
On August 3, 2020, Stream Player will begin a roll out of an update. Please visit https://community.cloudflare.com/t/major-stream-player-changes-rolling-out-aug-3-2020/189844 for more information about the update.
console-api log URL: https://www.dianomi.com/js/videofeed-combined.js?id=123(Line 61)
Message:
4729
console-api debug URL: https://static.adsafeprotected.com/sca.17.4.114.js(Line 32)
Message:
a: 0.003173828125ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
