www.itproportal.com Open in urlscan Pro
185.113.25.50 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Submission: On September 24 via api (September 24th 2020, 5:47:02 pm UTC) from US

Summary HTTP 33 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 13 domains to perform 33 HTTP transactions. The main IP is 185.113.25.50, located in United Kingdom and belongs to FUTURE, GB. The main domain is www.itproportal.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 23rd 2020. Valid for: 3 months.

This is the only time www.itproportal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	185.113.25.50 185.113.25.50	20596 (FUTURE) (FUTURE)
4	2600:9000:214... 2600:9000:214f:6e00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
9	67.27.159.124 67.27.159.124	3356 (LEVEL3) (LEVEL3)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
1	185.113.25.51 185.113.25.51	20596 (FUTURE) (FUTURE)
1 2	23.37.53.17 23.37.53.17	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.35.255.237 13.35.255.237	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:819::200e	15169 (GOOGLE) (GOOGLE)
1	3.213.50.82 3.213.50.82	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206e:cc00:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	185.113.25.54 185.113.25.54	20596 (FUTURE) (FUTURE)
1	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	99.86.3.65 99.86.3.65	16509 (AMAZON-02) (AMAZON-02)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
33	19

1 185.113.25.50 (United Kingdom)

ASN20596 (FUTURE, GB)
PTR: vif15.web.future.net.uk

www.itproportal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:214f:6e00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 67.27.159.124 (United States)

ASN3356 (LEVEL3, US)

vanilla.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mos.cms.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.113.25.51 (United Kingdom)

ASN20596 (FUTURE, GB)

widgets.future-fie.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.53.17 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-53-17.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.255.237 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-255-237.fra6.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.50.82 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-50-82.compute-1.amazonaws.com

srv-2020-09-24-17.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206e:cc00:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.113.25.54 (United Kingdom)

ASN20596 (FUTURE, GB)
PTR: vif09.web.future.net.uk

search-api.fie.future.net.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.65 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-65.fra6.r.cloudfront.net

audit-tcfv2.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	futurecdn.net bordeaux.futurecdn.net Failed vanilla.futurecdn.net cdn.mos.cms.futurecdn.net	641 KB
6	consensu.org quantcast.mgr.consensu.org test.quantcast.mgr.consensu.org audit-tcfv2.quantcast.mgr.consensu.org	199 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	google.de ampcid.google.de www.google.de	1009 B
2	google.com ampcid.google.com www.google.com	1 KB
2	parsely.com cdn.parsely.com srv-2020-09-24-17.pixel.parsely.com	19 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	1 KB
1	skimresources.com r.skimresources.com	407 B
1	future.net.uk search-api.fie.future.net.uk	43 KB
1	doubleclick.net stats.g.doubleclick.net	457 B
1	onesignal.com cdn.onesignal.com	3 KB
1	future-fie.co.uk widgets.future-fie.co.uk Failed	42 KB
1	itproportal.com www.itproportal.com	38 KB
33	13

	Domain	Requested by
7	vanilla.futurecdn.net	www.itproportal.com
4	quantcast.mgr.consensu.org	www.itproportal.com quantcast.mgr.consensu.org
3	www.google-analytics.com	www.itproportal.com
2	sb.scorecardresearch.com	1 redirects www.itproportal.com
2	cdn.mos.cms.futurecdn.net	www.itproportal.com
1	r.skimresources.com	www.itproportal.com
1	audit-tcfv2.quantcast.mgr.consensu.org	www.itproportal.com
1	www.google.de	www.itproportal.com
1	www.google.com	www.itproportal.com
1	search-api.fie.future.net.uk	www.itproportal.com
1	test.quantcast.mgr.consensu.org	www.itproportal.com
1	stats.g.doubleclick.net	www.itproportal.com
1	ampcid.google.de	www.itproportal.com
1	srv-2020-09-24-17.pixel.parsely.com	www.itproportal.com
1	ampcid.google.com	www.itproportal.com
1	cdn.parsely.com	www.itproportal.com
1	cdn.onesignal.com	www.itproportal.com
1	widgets.future-fie.co.uk	www.itproportal.com
1	www.itproportal.com
0	bordeaux.futurecdn.net Failed	www.itproportal.com
33	20

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.futureplc.com
pinterest.com

Subject Issuer	Validity	Valid
itproportal.com Let's Encrypt Authority X3	`2020-09-23` - `2020-12-22`	3 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2020-05-22` - `2021-06-22`	a year	crt.sh
*.futurecdn.net DigiCert SHA2 High Assurance Server CA	`2020-06-26` - `2022-07-11`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
future-fie.co.uk Let's Encrypt Authority X3	`2020-09-23` - `2020-12-22`	3 months	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.parsely.com Amazon	`2020-08-02` - `2021-09-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.pixel.parsely.com Let's Encrypt Authority X3	`2020-07-30` - `2020-10-28`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.quantcast.mgr.consensu.org Amazon	`2020-05-22` - `2021-06-22`	a year	crt.sh
search-api.fie.future.net.uk Let's Encrypt Authority X3	`2020-09-23` - `2020-12-22`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2020-09-10` - `2021-10-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Frame ID: AA510EFD0E8145931724972008EAC30A
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

33
Requests

94 %
HTTPS

50 %
IPv6

13
Domains

20
Subdomains

19
IPs

5
Countries

1053 kB
Transfer

3159 kB
Size

7
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/itproportal

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/user?screen_name=itproportal

Search URL Search Domain Scan URL

URL: https://www.futureplc.com/terms-conditions/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Ransomware%20authors%20are%20joining%20forces&url=https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://www.itproportal.com/news/ransomware-authors-are-joining-forces/&media=https://cdn.mos.cms.futurecdn.net/7AsmexfAsz8ayBuv7MPTgR-1200-80.jpg
Title:

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/
Title: Visit our corporate site

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/terms-conditions/
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/privacy-policy/
Title: Privacy policy

Search URL Search Domain Scan URL

URL: http://www.futureplc.com/cookies-policy/
Title: Cookies policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://sb.scorecardresearch.com/p?c1=2&c2=10055482&cv=3.6&cj=1 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=10055482&cv=3.6&cj=1&cs_ak_ss=1

33 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
www.itproportal.com/news/ransomware-authors-are-joining-forces/ 134 KB
38 KB 137ms
33ms Document
text/html 185.113.25.50
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.113.25.50 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif15.web.future.net.uk
Software: /
Resource Hash: 4840731f536e459144531f33710f23051ed8dede64f6613a9166d4d4337fceab

Request headers

Host: www.itproportal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 11:05:30 GMT
Content-Type: text/html; charset=UTF-8
X-FTR-Request-ID: c02a4ee5-cfdc-45d0-ba94-af16b6962e0d 00000000:C744_00000000:01BB_5F6CDB85_37A6C4:736D
Last-Modified: Wed, 23 Sep 2020 11:05:30 GMT
X-TraceId: 19022633b6d7744b
Xkey: itproportal-platform-responsive itproportal-article-bqGrMkDPS7fo2cCCyhP64B itproportal-articletype-news itproportal-articletemplate-standard itproportal-article-age-recent itproportal-region-GB itproportal-language-en itproportal-author-ELZahWhJAXUYezKBy4bDTT itproportal-tag-wTKdvBtG2yArDUcuHELTHo itproportal-tag-jdqQ6329KFuWVmUmvZAjLZ itproportal-tag-MVeQq8xRYw7YdifyNHmo4G itproportal-tag-KQuLUYdQG3KxR9tZ76QGgF itproportal-tag-95yQKLn2wwNLUTdWrXpwqc itproportal-version-26.29.0 itproportal-server-ftefrontprod-172-20-9-85
X-FTR-Cache-Host: ftefrontprod-172-20-9-85
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 110474
X-Country-Code: GB
X-FTR-Cache-Status: HIT
X-FTR-Expires: Fri, 25 Sep 2020 11:05:30 GMT
Expires: Thu, 24 Sep 2020 17:51:45 GMT
Cache-Control: max-age=300,public
Set-Cookie: FTR_Country_Code=NL; path=/; domain=www.itproportal.com
X-Country-Code-Real: NL
Accept-Ranges: bytes
Content-Length: 37589
X-FTR-Balancer: fteproxy-185-113-25-48
X-FTR-Backend: www-live-sites-varnish-new
X-FTR-Backend-Server: ftevarnishprod-172-20-8-36

GET responsive.js
widgets.future-fie.co.uk/js/w/ 0
0

GET bordeaux.js
bordeaux.futurecdn.net/ 0
0

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/ 3 KB
2 KB 48ms
13ms Script
application/javascript 2600:9000:214f:6e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/choice.js?timestamp=1600969605211
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32285339eb953c2fd88fd3da881cf058c7d60fc3a6391e6067d7e376aa83c645

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:46:45 GMT
content-encoding: gzip
etag: "2718fbd0eaa4e89f496c09f473ec81cb"
last-modified: Mon, 24 Aug 2020 15:20:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
status: 200
x-amz-cf-id: Dkhr5DkQW5UL-dLe4d10x6rxy4IoGzS7KI1MlNEBxGD7iLMlpPYI9Q==
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)

GET
DATA 200
OK truncated
/ 0
0 Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Origin: https://www.itproportal.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
H/1.1 200
OK vanFont-OpenSans-woff2.json Show response
vanilla.futurecdn.net/itproportal/1/media/fonts/json/ 68 KB
51 KB 244ms
155ms Script
application/json 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/itproportal/1/media/fonts/json/vanFont-OpenSans-woff2.json
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 93d4105c5a36b54933b7136bf6f408163c31f1c511f20078ee9931f9a9fece53

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 07:43:06 GMT
Content-Encoding: gzip
Age: 900219
X-FTR-Backend-Server: ftefrontprodred.core.future.net.uk
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:6731_00000000:0050_5F5F1F0A_628D:2F04
Last-Modified: Fri, 11 Sep 2020 15:07:11 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"5f5b929f-10f87"
Access-Control-Allow-Methods: GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Wed, 14 Oct 2020 07:43:06 GMT

GET
H/1.1 200
OK vanFont-itproportal-woff.json Show response
vanilla.futurecdn.net/itproportal/1/media/fonts/json/ 8 KB
7 KB 113ms
35ms Script
application/json 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/itproportal/1/media/fonts/json/vanFont-itproportal-woff.json
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 16eb877bab7403584c4e79d9c0ee9c6dd691a6feb5c8a7447fb7a54f2f801854

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 04 Sep 2020 09:52:09 GMT
Content-Encoding: gzip
Age: 1756476
X-FTR-Backend-Server: ftefrontprodred.core.future.net.uk
Transfer-Encoding: chunked
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:57AF_00000000:0050_5F520E49_1C0EEE:0D5B
Last-Modified: Thu, 03 Sep 2020 11:24:18 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"5f50d262-200f"
Access-Control-Allow-Methods: GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sun, 04 Oct 2020 09:52:09 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 29ms
12ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffb110318b55e8d7acaeaa7816d495e33a5000643327241099565537973ed051

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:46:45 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 3108
etag: W/"af07e3bccd7885748057bb532c526ac5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 5d7e53a0da820605-FRA
cf-request-id: 0562d2988800000605a7b8f200000001
expires: Fri, 25 Sep 2020 05:46:45 GMT

GET
H/1.1 200
OK itproportal.png
vanilla.futurecdn.net/itproportal/media/img/ 9 KB
10 KB 110ms
33ms Image
image/png 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/itproportal/media/img/itproportal.png
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: e5993a2b8fe9b3b0f0f7fa4966981fa47fdb502fe5b52b62ec30c5c8e3ff27fb

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 03 Sep 2020 05:41:50 GMT
Age: 1857895
X-FTR-Backend-Server: ftefrontprodblue.core.future.net.uk
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
Content-Length: 9683
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:D1C8_00000000:0050_5F50821E_1818D4B:03E1
Last-Modified: Thu, 27 Aug 2020 11:24:33 GMT
Server: Footprint Distributor V6.1.1162
ETag: "5f4797f1-25d3"
Access-Control-Allow-Methods: GET
Content-Type: image/png
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 03 Oct 2020 05:41:50 GMT

GET
H/1.1 200
OK 7AsmexfAsz8ayBuv7MPTgR-650-80.jpg
cdn.mos.cms.futurecdn.net/ 25 KB
25 KB 116ms
39ms Image
image/jpeg 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mos.cms.futurecdn.net/7AsmexfAsz8ayBuv7MPTgR-650-80.jpg
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.19.0 /
Resource Hash: eaa9f5f29810ab76fa89b2b90e512934de123b761613b079c71f6879de259a6a

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 11 Sep 2020 19:17:47 GMT
X-Backend: default
Age: 1117738
X-FTR-DC: TC
X-FTR-Realm: pip
X-FTR-Backend: mos_kodiak
Connection: keep-alive
X-FTR-Cache-Status: MISS
Content-Length: 25256
X-FTR-Balancer: bulkproxyprod01
X-FTR-Request-ID: 00000000:A133_00000000:0050_5F5BCD59_62C107:514C
Server: nginx/1.19.0
X-Served-By: kodiak-varnish-7965878cb7-4nnhm
Content-Type: image/jpeg
X-FTR-Backend-Server: kube
Cache-Control: max-age=5184000
Accept-Ranges: bytes
Expires: Tue, 10 Nov 2020 23:25:13 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
19 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 1865
date: Thu, 24 Sep 2020 17:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 24 Sep 2020 19:15:40 GMT

GET
H/1.1 200
OK missing-image.svg
vanilla.futurecdn.net/itproportal/media/img/ 2 KB
2 KB 108ms
29ms Image
image/svg+xml 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/itproportal/media/img/missing-image.svg
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: c333253d35d9ea22c91a797c5ad5a77e17ee1575465e284ae2503cb345d5c5c5

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 29 Aug 2020 14:11:59 GMT
Content-Encoding: gzip
Age: 2259286
X-FTR-Backend-Server: ftefrontprod-172-20-9-86
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
Content-Length: 1033
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:B338_00000000:0050_5F4A622B_29F805F:7F20
Last-Modified: Thu, 27 Aug 2020 11:24:33 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"5f4797f1-932"
access-control-allow-methods: GET
Content-Type: image/svg+xml
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Accept-Ranges: bytes
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 28 Sep 2020 14:14:55 GMT

GET
H/1.1 200
OK hawklinks.js Show response
widgets.future-fie.co.uk/hl/ 135 KB
42 KB 113ms
35ms Script
application/javascript 185.113.25.51
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.future-fie.co.uk/hl/hawklinks.js
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.51 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
Software: /
Resource Hash: 9b4e2fa068dd3aa8df6c3a90bc0ef11ad999dd0ef84460b6ce0f5d1633a53777

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 17:26:58 GMT
Content-Encoding: gzip
X-Hawk-Country
Xkey: asset-type-fie-hawklinks
Age: 1186
X-Hawk-Area: NL
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-assets
X-FTR-Cache-Status: HIT
Content-Length: 41747
X-FTR-Expires: Thu, 24 Sep 2020 17:56:58 GMT
X-FTR-Balancer: hawk-proxy-185-113-25-40
X-FTR-Request-ID: 00000000:A074_00000000:01BB_5F6CDB85_F7B8EA:41DA
Last-Modified: Thu, 24 Sep 2020 10:51:44 GMT
X-Country-Code-Real: NL
ETag: "5f6c7a40-21d09"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
X-FTR-Backend-Server: fievarnishprodwhite
Cache-Control: max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Expires: Thu, 24 Sep 2020 18:26:58 GMT

GET
H/1.1

200
OK

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=10055482&cv=3.6&cj=1
https://sb.scorecardresearch.com/p2?c1=2&c2=10055482&cv=3.6&cj=1&cs_ak_ss=1

43 B
589 B

75ms
72ms

Image
image/gif

23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=10055482&cv=3.6&cj=1&cs_ak_ss=1
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 17:46:45 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/p2?c1=2&c2=10055482&cv=3.6&cj=1&cs_ak_ss=1
Pragma: no-cache
Date: Thu, 24 Sep 2020 17:46:45 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/itproportal.com/ 48 KB
19 KB 96ms
39ms Script
application/x-javascript 13.35.255.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/itproportal.com/p.js
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.255.237 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-255-237.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 15858206307ad259523119476dc925f0f2404bb771cd54efe01de1c2a5989649

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 24 Sep 2020 05:52:08 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 00:30:30 GMT
server: nginx
age: 42853
etag: "5e853226-c07e"
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, public
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: i-Krbb1wegjy48WXa70DoRQdC0i0T1jx4mLZCfriScALyqyALjbO1A==
via: 1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront)
expires: Fri, 25 Sep 2020 05:52:08 GMT

GET
H/1.1 200
OK main.min.js Show response
vanilla.futurecdn.net/itproportal/208103/media/js/ 938 KB
194 KB 32ms
31ms Script
application/javascript 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/itproportal/208103/media/js/main.min.js
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 93cf4d0fa0c570332f6b73c8e9ebcb7a77a89ff67d1c5467290ef7223839898d

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Sep 2020 15:33:56 GMT
Content-Encoding: gzip
Age: 180769
X-FTR-Backend-Server: ftefrontprodred.core.future.net.uk
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
Content-Length: 197511
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:7840_00000000:0050_5F6A1964_21405:7B21
Last-Modified: Tue, 22 Sep 2020 15:12:30 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"5f6a145e-ea8f7"
access-control-allow-methods: GET
Content-Type: application/javascript; charset=utf-8
access-control-allow-origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Accept-Ranges: bytes
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Thu, 22 Oct 2020 15:40:56 GMT

GET
H/1.1 200
OK itproportal.min.css
vanilla.futurecdn.net/itproportal/208103/media/css/ 349 KB
48 KB 31ms
30ms Stylesheet
text/css 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://vanilla.futurecdn.net/itproportal/208103/media/css/itproportal.min.css
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 0ec27105dc1e07bd4fd020d94e763d61331e1525de92bc8bdb4bdde4a0242232

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Sep 2020 15:34:34 GMT
Content-Encoding: gzip
Age: 180731
X-FTR-Backend-Server: ftefrontprodred.core.future.net.uk
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
Content-Length: 48546
X-FTR-Balancer: webproxyprod01
X-FTR-Request-ID: 00000000:A4B2_00000000:0050_5F6A1987_2E4B8B6:03E2
Last-Modified: Tue, 22 Sep 2020 15:12:30 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"5f6a145e-5751e"
Access-Control-Allow-Methods: GET
Content-Type: text/css
access-control-allow-origin: *
Cache-Control: max-age=2592000
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Thu, 22 Oct 2020 15:35:35 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 235 KB
57 KB 16ms
15ms Script
text/javascript 2600:9000:214f:6e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/choice.js?timestamp=1600969605211
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24827e8b89b890731f23b88537b15d69a6f6c0e176e727d2b791c6cae00f3eda

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 24 Sep 2020 17:46:23 GMT
content-encoding: br
last-modified: Wed, 23 Sep 2020 20:33:56 GMT
server: AmazonS3
age: 23
etag: W/"57daa148551cee8d96138d67ec09dc46"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: X3ywEhrHH8BFVBYxv9zeMbUXjR6ZapOxvrFgQI5Rn7ZUXkJOjZE69w==
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
567 B 36ms
14ms XHR
application/json 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Sep 2020 17:46:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.itproportal.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 6 KB
6 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b54290f9d276e81c3ecb50eca0f8e86a9156a7309cb56662a830bc58db8b2c72

Request headers

Origin: https://www.itproportal.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H/1.1 200
OK /
srv-2020-09-24-17.pixel.parsely.com/plogger/ 43 B
229 B 436ms
108ms Image
image/gif 3.213.50.82
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2020-09-24-17.pixel.parsely.com/plogger/?rand=1600969605468&plid=62014532&idsite=itproportal.com&url=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fransomware-authors-are-joining-forces%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fransomware-authors-are-joining-forces%2F&sref=&sts=1600969605455&slts=0&title=Ransomware+authors+are+joining+forces+%7C+ITProPortal&date=Thu+Sep+24+2020+19%3A46%3A45+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=22238015&u=pid%3Df450131faa61572be826f7a98e17c95c
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.50.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-50-82.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 17:46:32 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
496 B 34ms
13ms XHR
application/json 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Sep 2020 17:46:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.itproportal.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
457 B 41ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-460866-1&cid=2070556088.1600969606&jid=1791291706&gjid=1508010521&_gid=1135126468.1600969606&_u=YGBAgEABBAQCAE~&z=1180066026

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 24 Sep 2020 17:46:45 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.itproportal.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
62 B 6ms
6ms Image
image/gif 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=1042618637&t=pageview&_s=1&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fransomware-authors-are-joining-forces%2F&ul=en-us&de=UTF-8&dt=Ransomware%20authors%20are%20joining%20forces%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABBAQC~&jid=1791291706&gjid=1508010521&cid=2070556088.1600969606&tid=UA-460866-1&_gid=1135126468.1600969606&cd57=vanilla-beta&cd40=Ransomware&cd41=Ransom%7CREvil%7CEncryption%7CData%7CCryptography&cd42=Software&cd45=Ransomware&cd46=ransomware&cd47=Ransomware_authors_are_joining_forces&cd50=5&cd51=false&cd58=ransomware%7CSodinokibi%7CMaze%7Ccartel&cd74=&cd13=false&cd10=EN-GB&cd1=news&cd2=security&cd4=Tech_IT_ProPortal%2F&cd5=bqGrMkDPS7fo2cCCyhP64B&cd6=%7Cransomware%7Csodinokibi%7Cmaze%7Ccartel%7Ccontentdev%7Cserversidehawk&cd7=sead_fadilpa%C5%A1i%C4%87&cd8=21-09-2020&cd9=1&cd27=208103&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS%7CAU%7CSG&cd128=21-09-2020&cd31=9.6&cd30=4g&z=605530683

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 09:27:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29953
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 8f6960327756f48463157a29c624e341-1024-80.png
cdn.mos.cms.futurecdn.net/ 301 KB
302 KB 35ms
35ms Image
image/png 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mos.cms.futurecdn.net/8f6960327756f48463157a29c624e341-1024-80.png
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.19.0 /
Resource Hash: 60c241d785fbcd5f46e055447e69a9708dce28727effd43c0b1683f1d2bd410c

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 24 Aug 2020 12:05:19 GMT
X-Backend: default
Age: 2698886
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: mos_kodiak
Connection: keep-alive
X-FTR-Cache-Status: MISS
Content-Length: 308243
X-FTR-Balancer: bulkproxyprodred
X-FTR-Request-ID: 00000000:B3E2_00000000:0050_5F43ACFF_17ECCFE:398C
Server: nginx/1.19.0
X-Served-By: kodiak-mos-adapter-varnish-fdc57966-f7bhl
Content-Type: image/png
X-FTR-Backend-Server: kube
Cache-Control: max-age=5184000
Accept-Ranges: bytes
Expires: Fri, 23 Oct 2020 12:05:25 GMT

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 6 KB
2 KB 62ms
19ms XHR
application/json 2600:9000:206e:cc00:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:cc00:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 444261a6795dbd19e62cee7a40c2ff5044ac410009b887822c057feaebdb650b

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 16:12:18 GMT
content-encoding: gzip
age: 5668
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 11 Sep 2020 19:52:29 GMT
server: AmazonS3
etag: W/"103947b3836cf21a2dcaa140d58f89fb"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json
via: 1.1 cc6cd0f2b9d4d88785ea5a737059a4ff.cloudfront.net (CloudFront)
cache-control: max-age:1296000
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: QXjhrdVcBtFsqdd83HjzZk50HWyWzNjiRqewDwqe00vWFWkQ78ljXQ==

GET
H/1.1 200
OK merchant-domains.php Show response
search-api.fie.future.net.uk/ 197 KB
43 KB 111ms
33ms Fetch
application/json 185.113.25.54
FUTURE

General

Check archive.org

Show headers Download Go to

Full URL: https://search-api.fie.future.net.uk/merchant-domains.php?site=ITPROPORTAL
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS: vif09.web.future.net.uk
Software: /
Resource Hash: 6d147251e770d702b94183b05c3020f58d4b85f83cdbde517683e771e367025f

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 17:33:41 GMT
Content-Encoding: gzip
X-Hawk-Country
Age: 783
X-Hawk-Area: NL
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: fie-api
X-FTR-Cache-Status: HIT
Content-Length: 42842
X-FTR-Expires: Thu, 24 Sep 2020 18:03:41 GMT
X-FTR-Balancer: hawkproxyprodred
X-FTR-Request-ID: 00000000:9102_00000000:01BB_5F6CDB85_AAEA30:0FD3
X-Country-Code-Real: NL
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8;
X-FTR-Backend-Server: fievarnishprodwhite
Cache-Control: max-age=300,public
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
Expires: Thu, 24 Sep 2020 17:51:45 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12b9d92963b594157b22adeebfbcf463b80c5d504f0fefe3bee1533e20a996c9

Request headers

Origin: https://www.itproportal.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83113ce831f3f1ec8841232d895e17f722444b1939f5230891f7ff17a7c53618

Request headers

Origin: https://www.itproportal.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ed0702c109875dca01cfa51b44aa5c9da3f51892f8e9ba54e523d772ca20afb

Request headers

Origin: https://www.itproportal.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a223174668e40dccd38462d34304503b75e31e700bff92b7e9e8fdda3274670

Request headers

Origin: https://www.itproportal.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
513 B 48ms
28ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-460866-1&cid=2070556088.1600969606&jid=1791291706&_u=YGBAgEABBAQCAE~&z=1723035121

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 17:46:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
513 B 52ms
30ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-460866-1&cid=2070556088.1600969606&jid=1791291706&_u=YGBAgEABBAQCAE~&z=1723035121

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 17:46:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vendor-list.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 156 KB
23 KB 24ms
9ms XHR
application/json 2600:9000:214f:6e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 499ce406b8510ba9b06022ec718b897f52e92138d902b7c0976d8e6cb94ebf4a

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 16:11:18 GMT
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 5728
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 24 Sep 2020 16:11:16 GMT
server: AmazonS3
etag: W/"14d7f574ec8aeba519d341a710964796"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 78c402b74e65ae12b398b6b957ab229e.cloudfront.net (CloudFront)
cache-control: max-age:518400
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: G2XqWN4exsdy-HZfaQL7GiAdG_35Dpo2dM46IRp052yA6n1QfDxlEQ==

GET
H2 200 cmp2ui-en.js Show response
quantcast.mgr.consensu.org/tcfv2/13/ 441 KB
115 KB 9ms
8ms Script
text/javascript 2600:9000:214f:6e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/13/cmp2ui-en.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 026487255aac1cc874ba7c26cbcbc621410e5b9197cb8d8f43d9fa7e96807c83

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 20:34:00 GMT
content-encoding: br
age: 76366
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 604800
access-control-allow-origin: *
last-modified: Wed, 23 Sep 2020 20:33:29 GMT
server: AmazonS3
etag: W/"30acc15731cb331e0711bd04025446af"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: NHkr8aRQevXAyxsmdB9GKjMYilV0Yq2lYr_52zFGzuwSbUciRZ_RrQ==

GET
H2 200 / Show response
audit-tcfv2.quantcast.mgr.consensu.org/ 80 B
514 B 82ms
31ms XHR
text/html 99.86.3.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22uer8ZPXHG8WDU%22%2C%22publisher%22%3A%22ITProPortal%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.13%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22byOVjRh2p8fwXweScFU19Q%22%2C%22clientTimestamp%22%3A1600969605967%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-9w22b7t2scnpobwj0ece%22%7D
Requested by: Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.3.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-65.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 13:50:48 GMT
via: 1.1 8cdf0467c0468ddfe8e9873c6bb8304c.cloudfront.net (CloudFront)
age: 14159
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 3000
content-length: 80
last-modified: Tue, 26 Nov 2019 14:21:44 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
vary: Origin
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: mS6TzXjRGGMGQjlTgXQlcJvA1bd_Bi_eU321DsdKrYJG8yqGnjd3lA==

GET
H2 200 / Show response
r.skimresources.com/api/ 149 B
407 B 78ms
31ms Fetch
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?persistence=1&xguid=01BT2SNRZKMTD96W8181AS0KKC&data={%22pubcode%22:%2292X1583683%22,%22domains%22:[%22itproportal.com%22,%22facebook.com%22,%22twitter.com%22,%22futureplc.com%22,%22send%22,%22pinterest.com%22,%22%22],%22page%22:%22https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fransomware-authors-are-joining-forces%2F%22}&checksum=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Requested by

Host: www.itproportal.com
URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

23a99556fefa2ade0067a4f482a6e82161ca0144af0ad5b03e674df1f97ee397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:46:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
status: 200
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.itproportal.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK itpp_logo.svg
vanilla.futurecdn.net/itproportal/media/img/ 3 KB
2 KB 23ms
23ms Image
image/svg+xml 67.27.159.124
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vanilla.futurecdn.net/itproportal/media/img/itpp_logo.svg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 6f5381f4e70abf6be8a25d07971f5c2eeb9706444913fb592294d27196f2ac06

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 15 Sep 2020 15:11:31 GMT
Content-Encoding: gzip
Age: 786915
X-FTR-Backend-Server: ftefrontprod-172-20-9-86
X-FTR-DC: IX
X-FTR-Realm: pip
X-FTR-Backend: www-live-sites
Connection: keep-alive
Content-Length: 1432
X-FTR-Balancer: webproxyprodred
X-FTR-Request-ID: 00000000:D88B_00000000:0050_5F60D9A3_2EDA9:2F04
Last-Modified: Mon, 14 Sep 2020 15:58:18 GMT
Server: Footprint Distributor V6.1.1162
ETag: W/"5f5f931a-b6c"
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
access-control-allow-credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Thu, 15 Oct 2020 15:11:39 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
62 B 6ms
6ms Image
image/gif 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=1042618637&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fransomware-authors-are-joining-forces%2F&ul=en-us&de=UTF-8&dt=Ransomware%20authors%20are%20joining%20forces%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Performance%20Metrics&ea=TTI&el=1122&ev=1122&_u=aGBAgEABBAQCAE~&jid=&gjid=&cid=2070556088.1600969606&tid=UA-460866-1&_gid=1135126468.1600969606&cd57=vanilla-beta&cd40=Ransomware&cd41=Ransom%7CREvil%7CEncryption%7CData%7CCryptography&cd42=Software&cd45=Ransomware&cd46=ransomware&cd47=Ransomware_authors_are_joining_forces&cd50=5&cd51=false&cd58=ransomware%7CSodinokibi%7CMaze%7Ccartel&cd74=&cd13=false&cd10=GB&cd5=bqGrMkDPS7fo2cCCyhP64B&cm1=6977&cm29=379&z=545401859

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 09:27:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29960
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: widgets.future-fie.co.uk
URL: https://widgets.future-fie.co.uk/js/w/responsive.js

Domain: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.itproportal.com/	1970-01-19 12:42:49	Name: _gat Value: 1
.itproportal.com/	1970-01-19 12:44:16	Name: _gid Value: GA1.2.1135126468.1600969606
.itproportal.com/	1970-01-19 22:12:13	Name: _parsely_visitor Value: {%22id%22:%22pid=f450131faa61572be826f7a98e17c95c%22%2C%22session_count%22:1%2C%22last_session_ts%22:1600969605455}
.itproportal.com/	1970-01-19 12:42:53	Name: AMP_TOKEN Value: %24NOT_FOUND
.itproportal.com/	1970-01-19 12:42:51	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.itproportal.com/news/ransomware-authors-are-joining-forces/%22%2C%22sref%22:%22%22%2C%22sts%22:1600969605455%2C%22slts%22:0}
.itproportal.com/	1970-01-20 06:14:01	Name: _ga Value: GA1.2.2070556088.1600969606
.www.itproportal.com/	1969-12-31 23:59:59	Name: FTR_Country_Code Value: NL

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/(Line 238) Message: DOMContentLoaded at 140
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	log	URL: https://vanilla.futurecdn.net/itproportal/208103/media/js/main.min.js(Line 28) Message: Lead Gen MVP: false
console-api	log	URL: https://vanilla.futurecdn.net/itproportal/208103/media/js/main.min.js(Line 28) Message: No archive filter present
console-api	log	URL: https://vanilla.futurecdn.net/itproportal/208103/media/js/main.min.js(Line 28) Message: no primary nav
console-api	log	URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/(Line 239) Message: PageLoad at 870
console-api	warning	URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/(Line 115) Message: CMP not loaded after 6 seconds. Trying again.
console-api	warning	URL: https://www.itproportal.com/news/ransomware-authors-are-joining-forces/(Line 115) Message: CMP not loaded after 6 seconds. Trying again.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ampcid.google.com
ampcid.google.de
audit-tcfv2.quantcast.mgr.consensu.org
bordeaux.futurecdn.net
cdn.mos.cms.futurecdn.net
cdn.onesignal.com
cdn.parsely.com
quantcast.mgr.consensu.org
r.skimresources.com
sb.scorecardresearch.com
search-api.fie.future.net.uk
srv-2020-09-24-17.pixel.parsely.com
stats.g.doubleclick.net
test.quantcast.mgr.consensu.org
vanilla.futurecdn.net
widgets.future-fie.co.uk
www.google-analytics.com
www.google.com
www.google.de
www.itproportal.com
bordeaux.futurecdn.net
widgets.future-fie.co.uk
13.35.255.237
185.113.25.50
185.113.25.51
185.113.25.54
23.37.53.17
2600:9000:206e:cc00:3:a4cd:8380:93a1
2600:9000:214f:6e00:9:46dc:4700:93a1
2606:4700::6812:e234
2a00:1450:4001:802::200e
2a00:1450:4001:809::2003
2a00:1450:4001:819::2004
2a00:1450:4001:819::200e
2a00:1450:4001:821::200e
2a00:1450:400c:c0c::9d
3.213.50.82
35.190.59.101
67.27.159.124
99.86.3.65
026487255aac1cc874ba7c26cbcbc621410e5b9197cb8d8f43d9fa7e96807c83
0ec27105dc1e07bd4fd020d94e763d61331e1525de92bc8bdb4bdde4a0242232
12b9d92963b594157b22adeebfbcf463b80c5d504f0fefe3bee1533e20a996c9
15858206307ad259523119476dc925f0f2404bb771cd54efe01de1c2a5989649
16eb877bab7403584c4e79d9c0ee9c6dd691a6feb5c8a7447fb7a54f2f801854
23a99556fefa2ade0067a4f482a6e82161ca0144af0ad5b03e674df1f97ee397
24827e8b89b890731f23b88537b15d69a6f6c0e176e727d2b791c6cae00f3eda
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
32285339eb953c2fd88fd3da881cf058c7d60fc3a6391e6067d7e376aa83c645
444261a6795dbd19e62cee7a40c2ff5044ac410009b887822c057feaebdb650b
4840731f536e459144531f33710f23051ed8dede64f6613a9166d4d4337fceab
499ce406b8510ba9b06022ec718b897f52e92138d902b7c0976d8e6cb94ebf4a
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
60c241d785fbcd5f46e055447e69a9708dce28727effd43c0b1683f1d2bd410c
6d147251e770d702b94183b05c3020f58d4b85f83cdbde517683e771e367025f
6ed0702c109875dca01cfa51b44aa5c9da3f51892f8e9ba54e523d772ca20afb
6f5381f4e70abf6be8a25d07971f5c2eeb9706444913fb592294d27196f2ac06
7a223174668e40dccd38462d34304503b75e31e700bff92b7e9e8fdda3274670
83113ce831f3f1ec8841232d895e17f722444b1939f5230891f7ff17a7c53618
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
93cf4d0fa0c570332f6b73c8e9ebcb7a77a89ff67d1c5467290ef7223839898d
93d4105c5a36b54933b7136bf6f408163c31f1c511f20078ee9931f9a9fece53
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9b4e2fa068dd3aa8df6c3a90bc0ef11ad999dd0ef84460b6ce0f5d1633a53777
b54290f9d276e81c3ecb50eca0f8e86a9156a7309cb56662a830bc58db8b2c72
c333253d35d9ea22c91a797c5ad5a77e17ee1575465e284ae2503cb345d5c5c5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5993a2b8fe9b3b0f0f7fa4966981fa47fdb502fe5b52b62ec30c5c8e3ff27fb
eaa9f5f29810ab76fa89b2b90e512934de123b761613b079c71f6879de259a6a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ffb110318b55e8d7acaeaa7816d495e33a5000643327241099565537973ed051

www.itproportal.com Open in urlscan Pro 185.113.25.50 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

33 Requests

94 %HTTPS

50 %IPv6

13 Domains

20 Subdomains

19 IPs

5 Countries

1053 kBTransfer

3159 kBSize

7 Cookies

10 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.itproportal.com Open in urlscan Pro
185.113.25.50 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

94 %
HTTPS

50 %
IPv6

13
Domains

20
Subdomains

19
IPs

5
Countries

1053 kB
Transfer

3159 kB
Size

7
Cookies

33 HTTP transactions
6 data transactions