www.cisecurity.org Open in urlscan Pro
68.232.34.125 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cisecurity.org/blog/ransomware-/u0026#160;facts-threats-and-countermeasures/
Effective URL:
https://www.cisecurity.org/blog/ransomware-/u0026
Submission: On October 31 via api (October 31st 2020, 12:30:33 am UTC) from US

Summary HTTP 44 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 11 domains to perform 44 HTTP transactions. The main IP is 68.232.34.125, located in United States and belongs to EDGECAST, US. The main domain is www.cisecurity.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 24th 2019. Valid for: 2 years.

This is the only time www.cisecurity.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	68.232.34.125 68.232.34.125	15133 (EDGECAST) (EDGECAST)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:f1:... 2a02:26f0:f1::48f7:b3c8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.85.32.110 52.85.32.110	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:281::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	52.21.178.134 52.21.178.134	14618 (AMAZON-AES) (AMAZON-AES)
1	18.232.28.189 18.232.28.189	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
44	14

27 68.232.34.125 (United States)

ASN15133 (EDGECAST, US)

www.cisecurity.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:f1::48f7:b3c8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.32.110 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-32-110.ham50.r.cloudfront.net

analytics.newscred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:281::f09 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.21.178.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-2-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.232.28.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-6-ue1.aws.pardot.com

learn.cisecurity.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::622 (Ascension Island)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	cisecurity.org www.cisecurity.org learn.cisecurity.org	1001 KB
4	google-analytics.com www.google-analytics.com	51 KB
3	cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com	48 KB
2	pardot.com pi.pardot.com	5 KB
1	wistia.com fast.wistia.com	110 KB
1	google.de www.google.de	106 B
1	google.com www.google.com	106 B
1	doubleclick.net stats.g.doubleclick.net	90 B
1	newscred.com analytics.newscred.com	7 KB
1	googletagmanager.com www.googletagmanager.com	44 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
44	11

	Domain	Requested by
27	www.cisecurity.org	www.cisecurity.org
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	pi.pardot.com	www.cisecurity.org pi.pardot.com
2	consent.cookiebot.com	www.cisecurity.org consent.cookiebot.com
1	fast.wistia.com	pi.pardot.com
1	learn.cisecurity.org	pi.pardot.com
1	www.google.de	www.cisecurity.org
1	www.google.com	www.cisecurity.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	analytics.newscred.com	www.cisecurity.org
1	www.googletagmanager.com	www.cisecurity.org
1	cdn.jsdelivr.net	www.cisecurity.org
44	13

This site contains links to these domains. Also see Links.

Domain
enroll.cisecurity.org
workbench.cisecurity.org
careers-cisecurity.icims.com
learn.cisecurity.org
www.youtube.com
www.uscyberchallenge.org
www.cybercompex.org
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
*.cisecurity.org Go Daddy Secure Certificate Authority - G2	`2019-05-24` - `2021-07-22`	2 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
consent.cookiebot.com DigiCert ECC Extended Validation Server CA	`2020-06-11` - `2022-06-11`	2 years	crt.sh
*.newscred.com Amazon	`2020-09-19` - `2021-10-21`	a year	crt.sh
*.cookiebot.com DigiCert Secure Site ECC CA-1	`2020-09-03` - `2021-09-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2019-12-26` - `2020-12-26`	a year	crt.sh
learn.cisecurity.org Let's Encrypt Authority X3	`2020-10-27` - `2021-01-25`	3 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-23` - `2021-05-07`	6 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.cisecurity.org/blog/ransomware-/u0026
Frame ID: E381D53CA533B6CB4D364678C0498991
Requests: 43 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc.min.html
Frame ID: B3AC8EE9BCA88CD523585DC77ED0DA3A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

44
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

13
Subdomains

14
IPs

4
Countries

1267 kB
Transfer

2341 kB
Size

4
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://enroll.cisecurity.org/
Title: Apply

Search URL Search Domain Scan URL

URL: https://workbench.cisecurity.org/
Title: Login

Search URL Search Domain Scan URL

URL: https://careers-cisecurity.icims.com/
Title: Jobs

Search URL Search Domain Scan URL

URL: https://learn.cisecurity.org/contact-us
Title: Contact

Search URL Search Domain Scan URL

URL: https://learn.cisecurity.org/cis-cat-lite
Title: CIS-CAT®Lite

Search URL Search Domain Scan URL

URL: https://learn.cisecurity.org/cis-ram
Title: CIS RAM

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TheCISecurity
Title: Videos

Search URL Search Domain Scan URL

URL: http://www.uscyberchallenge.org/
Title: US Cyber Challenge

Search URL Search Domain Scan URL

URL: https://www.cybercompex.org/
Title: CyberCompEx

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CenterforIntSec/

Search URL Search Domain Scan URL

URL: https://twitter.com/CISecurity/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/the-center-for-internet-security/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TheCISecurity/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request u0026 Show response
www.cisecurity.org/blog/ransomware-/ 34 KB
34 KB 623ms
591ms Document
text/html 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

e0e230666e4320b5e5eed23e87028f0c7cf69437bb865879694f3924ae882594

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

:method: GET
:authority: www.cisecurity.org
:scheme: https
:path: /blog/ransomware-/u0026
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 404
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
date: Sat, 31 Oct 2020 00:30:16 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://www.cisecurity.org/wp-json/>; rel="https://api.w.org/"
server: Apache
x-frame-options: DENY

GET
H2 200 js.cookie.min.js Show response
cdn.jsdelivr.net/npm/js-cookie@2/src/ 2 KB
1 KB 25ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 15407
x-cache: HIT, HIT
status: 200
cross-origin-resource-policy: cross-origin
content-length: 1062
etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
x-served-by: cache-fra19155-FRA, cache-hhn4061-HHN
date: Sat, 31 Oct 2020 00:30:16 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 style.min.css
www.cisecurity.org/wp-includes/css/dist/block-library/ 53 KB
53 KB 473ms
468ms Stylesheet
text/css 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-includes/css/dist/block-library/style.min.css?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 06 Sep 2020 03:29:54 GMT
server: Apache
etag: "23e2c6-d293-5ae9cb720eab3"
x-frame-options: DENY
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 53907

GET
H2 200 bootstrap.min.css
www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/css/ 120 KB
121 KB 458ms
454ms Stylesheet
text/css 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/css/bootstrap.min.css?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

8ed0835901adc6163e6a3eac19bf3ba7fcebfe7a6060e01d4a14d58b0cc9c70c

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e243-1e1e6-585f782658bf8"
x-frame-options: DENY
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 123366

GET
H2 200 font-awesome.min.css
www.cisecurity.org/wp-content/themes/cis/assets/font-awesome/css/ 30 KB
30 KB 452ms
448ms Stylesheet
text/css 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/font-awesome/css/font-awesome.min.css?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e254-7918-585f78265d249"
x-frame-options: DENY
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 31000

GET
H2 200 style.css
www.cisecurity.org/wp-content/themes/cis/assets/css/ 133 KB
133 KB 467ms
463ms Stylesheet
text/css 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/css/style.css?ver=4669

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

d87631f4d1c5ba6465102505cc414acff24d253f833e526d83dad124ccd1ee96

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Fri, 30 Oct 2020 19:43:53 GMT
server: Apache
etag: "15e251-2155f-5b2e89dd6c870"
x-frame-options: DENY
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 136543

GET
H2 200 jquery-3.1.1.min.js Show response
www.cisecurity.org/wp-content/themes/cis/assets/jQuery/ 85 KB
85 KB 453ms
449ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/jQuery/jquery-3.1.1.min.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e30d-152b5-585f7826a4ec0"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 86709

GET
H2 200 bootstrap.min.js Show response
www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/js/ 36 KB
36 KB 465ms
461ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/js/bootstrap.min.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e24d-90b5-585f782659b98"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 37045

GET
H2 200 retina.min.js Show response
www.cisecurity.org/wp-content/themes/cis/assets/js/ 3 KB
3 KB 372ms
369ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/js/retina.min.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

772aed2cf700b617330eaacbdbd55ae8e1ef89a8747d2880f095c65d843ee02e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e313-a0f-585f7826a5691"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 2575

GET
H2 200 jquery.js Show response
www.cisecurity.org/wp-includes/js/jquery/ 95 KB
33 KB 23ms
20ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6764) /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:16 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 21 May 2019 23:31:04 GMT
server: ECAcc (frb/6764)
age: 15220
etag: "15e1b8-17a69-5896e3e19cd94+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: text/javascript
status: 200
content-length: 33804

GET
H2 200 membership.js Show response
www.cisecurity.org/wp-content/themes/cis/assets/js/ 15 KB
15 KB 455ms
452ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/js/membership.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

38b9e0c77b01c539b2ca88106a701bdba32686814162ec99c1b0d71e88ed441e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e310-3c7f-585f7826a52a9"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 15487

GET
H2 200 pdf.js Show response
www.cisecurity.org/wp-content/themes/cis/assets/js/ 1 KB
1 KB 379ms
376ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/js/pdf.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

04a024db9dad3b3857317791372856c5f8ce449d2bdafe84defb7496c7f93c06

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e311-492-585f7826a52a9"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 1170

GET
H2 200 gaeventtrack.js Show response
www.cisecurity.org/wp-content/themes/cis/assets/js/ 321 B
374 B 384ms
381ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/js/gaeventtrack.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

2c7b9bce54a9bfdd134ad06eb8b68ce5bd98bcf38620ee1861d76996f98af18e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: Apache
etag: "15e30f-141-585f7826a52a9"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 321

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
44 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5454c551961aba6050dc1f6230ac8f9351c1df710c6a43f0e3e66f935805a14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: br
vary: *
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45014
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.cisecurity.org/wp-includes/js/ 14 KB
14 KB 471ms
467ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-includes/js/wp-emoji-release.min.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 06 Sep 2020 03:29:54 GMT
server: Apache
etag: "15e0f8-37a6-5ae9cb7278624"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 14246

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 71 KB
17 KB 58ms
6ms Script
application/javascript 2a02:26f0:f1::48f7:b3c8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1::48f7:b3c8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 8e0d2ab4f0a4a7e5a6c1755abf9d48ac795a9ab41c35802bbda956e4338ff50f

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 09:30:15 GMT
server: Microsoft-IIS/10.0
etag: "80ed429c7aabd61:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=1013
accept-ranges: bytes
content-length: 17189
expires: Sat, 31 Oct 2020 00:47:10 GMT

GET
H2 200 logo.png
www.cisecurity.org/wp-content/themes/cis/assets/images/ 67 KB
67 KB 33ms
29ms Image
image/png 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/logo.png

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6789) /

Resource Hash

6e2453c2a90ec881960e826322f17056c34c9e9d8b8f4e32349548cf8e2f6543

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/6789)
age: 14760
etag: "15e2e0-10b04-585f782694cef"
x-frame-options: DENY
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 68356

GET
H2 200 tagline-img.png
www.cisecurity.org/wp-content/themes/cis/assets/images/ 61 KB
61 KB 28ms
24ms Image
image/png 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/tagline-img.png

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/669C) /

Resource Hash

21c8fc8f9ff649c59b46df2ad7818c8f2e203921b20ae544821061df8713cd3b

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/669C)
age: 14760
etag: "15e2f6-f41f-585f782695c8f"
x-frame-options: DENY
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 62495

GET
H2 200 CIS_SecureSuite_Membership_Spot_TM_white-r.png
www.cisecurity.org/wp-content/uploads/2018/01/ 14 KB
14 KB 30ms
26ms Image
image/png 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/uploads/2018/01/CIS_SecureSuite_Membership_Spot_TM_white-r.png

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6710) /

Resource Hash

8e1ade447eb09eff321edd665d73738798b73f2d00e5c4a6696fd11c2196f543

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Fri, 05 Jan 2018 15:31:54 GMT
server: ECAcc (frb/6710)
age: 14760
etag: "208ed-394e-5620925fa56ce"
x-frame-options: DENY
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 14670

GET
H2 200 arrow-right.png
www.cisecurity.org/wp-content/themes/cis/assets/images/ 213 B
289 B 30ms
26ms Image
image/png 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/arrow-right.png

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/67ED) /

Resource Hash

4070a903cad9fd4c86decd909c3ca199c575c02bc7990fe4a75a5cd4f9f9c056

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/67ED)
age: 14760
etag: "15e2b9-d5-585f78268628d"
x-frame-options: DENY
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 213

GET
H2 200 CIS_SecureSuite_Membership_Spot_TM_white.png
www.cisecurity.org/wp-content/themes/cis/assets/images/ 12 KB
13 KB 30ms
26ms Image
image/png 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/CIS_SecureSuite_Membership_Spot_TM_white.png

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/675C) /

Resource Hash

a82f8644df0410e649fbefd6b2d19a3c19896a4b55687bbc7a719e6b2d5ad042

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/675C)
age: 14760
etag: "15e28f-31f3-585f78267f914"
x-frame-options: DENY
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 12787

GET
H2 200 404-1024x819.jpg
www.cisecurity.org/wp-content/uploads/2017/03/ 38 KB
38 KB 482ms
479ms Image
image/jpeg 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/uploads/2017/03/404-1024x819.jpg

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

7231473d7b231f86009b6377c5cdcb2d050aa5854334bf210a6bde4bcfa1384f

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:18 GMT
last-modified: Tue, 11 Apr 2017 14:45:33 GMT
server: Apache
etag: "19e745-98ba-54ce524d95d40"
x-frame-options: DENY
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 39098

GET
H2 200 facebook.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/ 1 KB
712 B 30ms
27ms Image
image/svg+xml 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/facebook.svg

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/67A2) /

Resource Hash

cb8add66674b5127df91491fe234388629bfd8d492aaca53eb62b2cd28c23aa4

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/67A2)
age: 14760
etag: "15e2d7-411-585f78268916d+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: image/svg+xml
status: 200
content-length: 620

GET
H2 200 twitter.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/ 2 KB
993 B 37ms
34ms Image
image/svg+xml 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/twitter.svg

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/676B) /

Resource Hash

575da3ffc058c15fbc836c1f1089ebfe3a80f63a3ef5094f32134773da667fa7

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/676B)
age: 14760
etag: "15e2fb-6c5-585f78269b667+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: image/svg+xml
status: 200
content-length: 911

GET
H2 200 linkedin.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/ 1 KB
706 B 30ms
27ms Image
image/svg+xml 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/linkedin.svg

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6784) /

Resource Hash

9b3e12a77d78aa821c00ea9ac65246d8880792df747cd87bd84e986cdd68ec38

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/6784)
age: 14760
etag: "15e2de-411-585f78268993e+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: image/svg+xml
status: 200
content-length: 625

GET
H2 200 youtube.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/ 1 KB
763 B 42ms
39ms Image
image/svg+xml 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/images/youtube.svg

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6732) /

Resource Hash

df40c77e0080a524ed7cce475240dc309bac6b26521946f227717be0dc4886e7

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/6732)
age: 14760
etag: "15e30a-4a2-585f7826a4ad8+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: image/svg+xml
status: 200
content-length: 682

GET
H2 200 analytics_420c70665fd445358623ebe8c5379cac.js Show response
analytics.newscred.com/ 20 KB
7 KB 72ms
17ms Script
application/javascript 52.85.32.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.newscred.com/analytics_420c70665fd445358623ebe8c5379cac.js
Requested by: Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.32.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-32-110.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4170cf2bd73977a7825ae1303e08b1f366e25380eb2dc67fb546f3b5815bb2fc

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 22:44:50 GMT
content-encoding: gzip
last-modified: Wed, 28 Oct 2020 10:07:36 GMT
server: AmazonS3
age: 6328
etag: "b7239eaec4ac4cc6c73e0cd26d52ee72"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=86400
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: e4R4GyI6fiEZRzKyAv003wROmIIoAMDcu1BHIHju9n6b_KlCkdIx7Q==
via: 1.1 cadd28ddf17473bac9ce00c18f8e1bc2.cloudfront.net (CloudFront)

GET
H2 200 wp-embed.min.js Show response
www.cisecurity.org/wp-includes/js/ 1 KB
1 KB 368ms
367ms Script
text/javascript 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-includes/js/wp-embed.min.js?ver=5.5.3

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

Apache /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
last-modified: Mon, 20 Apr 2020 01:30:42 GMT
server: Apache
etag: "15e0f1-59a-5a3aed8efa417"
x-frame-options: DENY
content-type: text/javascript
status: 200
accept-ranges: bytes
content-length: 1434

GET
H2 200 OpenSans-ExtraBold.ttf
www.cisecurity.org/wp-content/themes/cis/assets/fonts/ 217 KB
114 KB 35ms
34ms Font
application/octet-stream 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-ExtraBold.ttf

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/themes/cis/assets/css/style.css?ver=4669

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/67C4) /

Resource Hash

de66dfb08e30748f9ae4d6b7f79ddbe26db1173101a99e255c5da16344ddab15

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Origin: https://www.cisecurity.org
Referer: https://www.cisecurity.org/wp-content/themes/cis/assets/css/style.css?ver=4669
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/67C4)
age: 14760
etag: "15e25f-36578-585f782663bc1+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: text/plain; charset=UTF-8
status: 200
content-length: 116199

GET
H2 200 OpenSans-Regular.ttf
www.cisecurity.org/wp-content/themes/cis/assets/fonts/ 212 KB
111 KB 39ms
39ms Font
application/octet-stream 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-Regular.ttf

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/themes/cis/assets/css/style.css?ver=4669

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6716) /

Resource Hash

664bc86a83c449f366975cf98dbd56bc3ae1de3b6780060384737f96b94e9791

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Origin: https://www.cisecurity.org
Referer: https://www.cisecurity.org/wp-content/themes/cis/assets/css/style.css?ver=4669
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/6716)
age: 14760
etag: "15e264-35110-585f782665b02+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: text/plain; charset=UTF-8
status: 200
content-length: 113987

GET
H2 200 glyphicons-halflings-regular.woff2
www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/fonts/ 18 KB
18 KB 21ms
20ms Font
application/octet-stream 68.232.34.125
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/css/bootstrap.min.css?ver=5.5.3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.125 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/67C9) /

Resource Hash

ba3fe63eac33e099b1600d123a80bc075696219926d63f6adc4b9401aad71ca9

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Origin: https://www.cisecurity.org
Referer: https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/css/bootstrap.min.css?ver=5.5.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Sun, 07 Apr 2019 21:36:14 GMT
server: ECAcc (frb/67C9)
age: 14760
etag: "15e24a-466c-585f7826597b0+gzip"
x-frame-options: DENY
x-cache: HIT
content-type: text/plain; charset=UTF-8
status: 200
content-length: 18056

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4469
date: Fri, 30 Oct 2020 23:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Sat, 31 Oct 2020 01:15:48 GMT

GET
H2 200 bc.min.html
consentcdn.cookiebot.com/sdk/ Frame B3AC 0
0 23ms
8ms Document
text/html 2a02:26f0:6c00:281::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:281::f09 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: consentcdn.cookiebot.com
:scheme: https
:path: /sdk/bc.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cisecurity.org/blog/ransomware-/u0026
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cisecurity.org/blog/ransomware-/u0026

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "050e4adb822a6bf552eb219e8945446d:1599652698.304056"
last-modified: Wed, 09 Sep 2020 11:58:18 GMT
server: AkamaiNetStorage
x-akamai-transformed: 9 - 0 pmb=mRUM,1
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=474
expires: Sat, 31 Oct 2020 00:38:11 GMT
date: Sat, 31 Oct 2020 00:30:17 GMT
content-length: 385
server-timing: cdn-cache; desc=HIT edge; dur=1

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 80 KB
32 KB 44ms
29ms Script
application/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NKMWZVJ&t=gtm2&cid=440646407.1604104218&aip=true

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e055390cf000947697f9aa2798023efacb0e8b7fa9d3f3bfc3f99f80c59b15c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32279
x-xss-protection: 0
last-modified: Sat, 31 Oct 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 31 Oct 2020 00:30:17 GMT

GET
H2 200 cc.js Show response
consent.cookiebot.com/965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1/ 116 KB
31 KB 110ms
110ms Script
application/x-javascript 2a02:26f0:f1::48f7:b3c8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1/cc.js?renew=false&referer=www.cisecurity.org&dnt=false&forceshow=false&cbid=965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1&whitelabel=false&brandid=Cookiebot&framework=
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1::48f7:b3c8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 96e0eb0ba856b03c5627d1314c5e6418ba7db46a71d0c4bea432c91b43dca0f3

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:17 GMT
content-encoding: gzip
last-modified: Sat, 31 Oct 2020 00:30:17 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1200
access-control-allow-headers: cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 30942

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
169 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=1&a=946394944&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cisecurity.org%2Fblog%2Fransomware-%2Fu0026&ul=en-us&de=UTF-8&dt=404%20-%20Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=1551966791&gjid=1849356947&cid=440646407.1604104218&tid=UA-4446498-12&_gid=1037344939.1604104218&_r=1&gtm=2wgal2P5Q9JG6&z=1046602813

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 00:30:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cisecurity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-4446498-12&cid=440646407.1604104218&jid=1551966791&gjid=1849356947&_gid=1037344939.1604104218&_u=aGDAAEACQAAAAC~&z=1936314243

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 31 Oct 2020 00:30:17 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cisecurity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 16ms
16ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-4446498-12&cid=440646407.1604104218&jid=1551966791&_u=aGDAAEACQAAAAC~&z=1846258662

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 00:30:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 17ms
17ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-4446498-12&cid=440646407.1604104218&jid=1551966791&_u=aGDAAEACQAAAAC~&z=1846258662

Requested by

Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 00:30:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 409ms
102ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.cisecurity.org
URL: https://www.cisecurity.org/blog/ransomware-/u0026
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 00:30:18 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Fri, 13 Mar 2020 17:28:24 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Mon, 31 Oct 2022 00:30:18 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 4 KB
3 KB 338ms
337ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=2596&account_id=800323&title=404%20-%20Page%20Not%20Found&url=https%3A%2F%2Fwww.cisecurity.org%2Fblog%2Fransomware-%2Fu0026%23160%3Bfacts-threats-and-countermeasures%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 5c495989fc64a967597ce0e12618759c1161816641fca9d05e0001f3033cb1f9

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 31 Oct 2020 00:30:18 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/120/195
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1739
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
learn.cisecurity.org/ 52 B
1 KB 497ms
176ms Script
text/javascript 18.232.28.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://learn.cisecurity.org/analytics?conly=true&visitor_id=201827165&visitor_id_sign=85bc6686bdbf1fe38f6c9b04c22d53c644f4567ae379e96e34246c0822e1d6f176fffdb6499f9647190cf8e2f4f4677feeb9cba0&pi_opt_in=&campaign_id=2596&account_id=800323&title=404%20-%20Page%20Not%20Found&url=https://www.cisecurity.org/blog/ransomware-/u0026
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=2596&account_id=800323&title=404%20-%20Page%20Not%20Found&url=https%3A%2F%2Fwww.cisecurity.org%2Fblog%2Fransomware-%2Fu0026%23160%3Bfacts-threats-and-countermeasures%2F&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.28.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-6-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 31 Oct 2020 00:30:19 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: e95a292e477f6214c8e77c2cf881a7d3
X-Pardot-Rsp: 16/99/131
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ 606 KB
110 KB 22ms
7ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=2596&account_id=800323&title=404%20-%20Page%20Not%20Found&url=https%3A%2F%2Fwww.cisecurity.org%2Fblog%2Fransomware-%2Fu0026%23160%3Bfacts-threats-and-countermeasures%2F&referrer=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

84178a6fdfa67c8ce0d08dc7cbc2ecd31f2f4803265d772b643802ace97fe948

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 00:30:19 GMT
content-encoding: br
vary: Accept-Encoding
age: 996
x-cache: HIT, HIT
status: 200
content-length: 112454
x-served-by: cache-dca17777-DCA, cache-hhn4041-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Fri, 30 Oct 2020 20:06:43 GMT
x-timer: S1604104219.013188,VS0,VE0
etag: "5f9c7253-1b746"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 6

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
48 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=0&a=946394944&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cisecurity.org%2Fblog%2Fransomware-%2Fu0026&dp=%2Fblog%2Fransomware-%2Fu0026&ul=en-us&de=UTF-8&dt=404%20-%20Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=823958157&gjid=612441880&cid=440646407.1604104218&tid=UA-150713566-52&_gid=1037344939.1604104218&_r=1&_slc=1&cd12=420c70665fd445358623ebe8c5379cac&cd15=3c527c99-b6b9-43bf-bd68-48a90a783722&cd13=(not%20set)&cd1=(not%20set)&cd14=(not%20set)&z=1832609598

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cisecurity.org/blog/ransomware-/u0026
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 00:30:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cisecurity.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cisecurity.org/	1970-01-19 22:20:36	Name: __ncuid Value: 3c527c99-b6b9-43bf-bd68-48a90a783722
.cisecurity.org/	1970-01-19 13:36:30	Name: _gid Value: GA1.2.1037344939.1604104218
.cisecurity.org/	1970-01-19 13:35:04	Name: _gat_UA-4446498-12 Value: 1
.cisecurity.org/	1970-01-19 22:20:40	Name: _ga Value: GA1.2.440646407.1604104218

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.newscred.com
cdn.jsdelivr.net
consent.cookiebot.com
consentcdn.cookiebot.com
fast.wistia.com
learn.cisecurity.org
pi.pardot.com
stats.g.doubleclick.net
www.cisecurity.org
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
18.232.28.189
2a00:1450:4001:801::2003
2a00:1450:4001:80b::2008
2a00:1450:4001:80b::200e
2a00:1450:4001:816::200e
2a00:1450:4001:817::2004
2a00:1450:400c:c07::9b
2a02:26f0:6c00:281::f09
2a02:26f0:f1::48f7:b3c8
2a04:4e42:1b::621
2a04:4e42:1b::622
52.21.178.134
52.85.32.110
68.232.34.125
04a024db9dad3b3857317791372856c5f8ce449d2bdafe84defb7496c7f93c06
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
21c8fc8f9ff649c59b46df2ad7818c8f2e203921b20ae544821061df8713cd3b
2c7b9bce54a9bfdd134ad06eb8b68ce5bd98bcf38620ee1861d76996f98af18e
38b9e0c77b01c539b2ca88106a701bdba32686814162ec99c1b0d71e88ed441e
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
4070a903cad9fd4c86decd909c3ca199c575c02bc7990fe4a75a5cd4f9f9c056
4170cf2bd73977a7825ae1303e08b1f366e25380eb2dc67fb546f3b5815bb2fc
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
575da3ffc058c15fbc836c1f1089ebfe3a80f63a3ef5094f32134773da667fa7
5c495989fc64a967597ce0e12618759c1161816641fca9d05e0001f3033cb1f9
664bc86a83c449f366975cf98dbd56bc3ae1de3b6780060384737f96b94e9791
6e2453c2a90ec881960e826322f17056c34c9e9d8b8f4e32349548cf8e2f6543
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
7231473d7b231f86009b6377c5cdcb2d050aa5854334bf210a6bde4bcfa1384f
772aed2cf700b617330eaacbdbd55ae8e1ef89a8747d2880f095c65d843ee02e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7e055390cf000947697f9aa2798023efacb0e8b7fa9d3f3bfc3f99f80c59b15c
84178a6fdfa67c8ce0d08dc7cbc2ecd31f2f4803265d772b643802ace97fe948
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
8e0d2ab4f0a4a7e5a6c1755abf9d48ac795a9ab41c35802bbda956e4338ff50f
8e1ade447eb09eff321edd665d73738798b73f2d00e5c4a6696fd11c2196f543
8ed0835901adc6163e6a3eac19bf3ba7fcebfe7a6060e01d4a14d58b0cc9c70c
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
96e0eb0ba856b03c5627d1314c5e6418ba7db46a71d0c4bea432c91b43dca0f3
9b3e12a77d78aa821c00ea9ac65246d8880792df747cd87bd84e986cdd68ec38
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a82f8644df0410e649fbefd6b2d19a3c19896a4b55687bbc7a719e6b2d5ad042
ba3fe63eac33e099b1600d123a80bc075696219926d63f6adc4b9401aad71ca9
cb8add66674b5127df91491fe234388629bfd8d492aaca53eb62b2cd28c23aa4
d87631f4d1c5ba6465102505cc414acff24d253f833e526d83dad124ccd1ee96
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de66dfb08e30748f9ae4d6b7f79ddbe26db1173101a99e255c5da16344ddab15
df40c77e0080a524ed7cce475240dc309bac6b26521946f227717be0dc4886e7
e0e230666e4320b5e5eed23e87028f0c7cf69437bb865879694f3924ae882594
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5454c551961aba6050dc1f6230ac8f9351c1df710c6a43f0e3e66f935805a14

www.cisecurity.org Open in urlscan Pro 68.232.34.125 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

44 Requests

100 %HTTPS

71 %IPv6

11 Domains

13 Subdomains

14 IPs

4 Countries

1267 kBTransfer

2341 kBSize

4 Cookies

13 Outgoing links

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cisecurity.org Open in urlscan Pro
68.232.34.125 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

13
Subdomains

14
IPs

4
Countries

1267 kB
Transfer

2341 kB
Size

4
Cookies

44 HTTP transactions
0 data transactions