www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqV...
Effective URL:
https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V3...
Submission: On February 19 via api (February 19th 2020, 6:20:05 pm UTC) from US

Summary HTTP 537 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 66 IPs in 6 countries across 45 domains to perform 537 HTTP transactions. The main IP is 104.20.60.209, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700::68... 2606:4700::6811:7db4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.20.60.209 104.20.60.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
32	104.26.13.6 104.26.13.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	151.101.114.217 151.101.114.217	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:817::2008	15169 (GOOGLE) (GOOGLE)
3 5	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
4	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2606:4700:20:... 2606:4700:20::681a:18b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	212.71.236.117 212.71.236.117	63949 (LINODE-AP...) (LINODE-AP Linode)
8	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:2c00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
2	2600:9000:214... 2600:9000:214f:9200:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1	172.217.22.70 172.217.22.70	15169 (GOOGLE) (GOOGLE)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
1	13.35.253.24 13.35.253.24	16509 (AMAZON-02) (AMAZON-02)
1	50.16.134.22 50.16.134.22	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:214... 2600:9000:214f:e800:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE)
1	143.204.202.94 143.204.202.94	16509 (AMAZON-02) (AMAZON-02)
7	143.204.201.153 143.204.201.153	16509 (AMAZON-02) (AMAZON-02)
6	35.226.134.247 35.226.134.247	15169 (GOOGLE) (GOOGLE)
5	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
58	185.33.223.80 185.33.223.80	29990 (ASN-APPNEX) (ASN-APPNEX)
29	2a02:fa8:8806... 2a02:fa8:8806:12::1430	41041 (VCLK-EU-) (VCLK-EU-)
18	18.197.234.227 18.197.234.227	16509 (AMAZON-02) (AMAZON-02)
5	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1 11	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
5	3.124.120.214 3.124.120.214	16509 (AMAZON-02) (AMAZON-02)
11	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
21 64	152.199.22.24 152.199.22.24	15133 (EDGECAST) (EDGECAST)
3	151.101.113.194 151.101.113.194	54113 (FASTLY) (FASTLY)
1	18.211.96.69 18.211.96.69	14618 (AMAZON-AES) (AMAZON-AES)
2	13.35.253.107 13.35.253.107	16509 (AMAZON-02) (AMAZON-02)
4	52.54.227.62 52.54.227.62	14618 (AMAZON-AES) (AMAZON-AES)
4	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
3	2600:1f18:612... 2600:1f18:612b:4264:99e0:7fe3:6615:bfea	14618 (AMAZON-AES) (AMAZON-AES)
2	104.85.250.71 104.85.250.71	16625 (AKAMAI-AS) (AKAMAI-AS)
7	52.21.193.116 52.21.193.116	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.202.117 143.204.202.117	16509 (AMAZON-02) (AMAZON-02)
1	52.1.207.152 52.1.207.152	14618 (AMAZON-AES) (AMAZON-AES)
2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	151.101.13.140 151.101.13.140	54113 (FASTLY) (FASTLY)
19	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
24	52.49.142.168 52.49.142.168	16509 (AMAZON-02) (AMAZON-02)
24	69.16.175.10 69.16.175.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
24	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
24	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
11	2a00:1450:400... 2a00:1450:4001:821::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
23	52.18.86.70 52.18.86.70	16509 (AMAZON-02) (AMAZON-02)
23	34.248.21.38 34.248.21.38	16509 (AMAZON-02) (AMAZON-02)
4 9	35.157.121.171 35.157.121.171	16509 (AMAZON-02) (AMAZON-02)
5	23.210.249.92 23.210.249.92	16625 (AKAMAI-AS) (AKAMAI-AS)
5	23.210.249.83 23.210.249.83	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS)
537	66

2 2606:4700::6811:7db4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

info.silobreaker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.60.209 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ck.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s9.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.71.236.117 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-212-71-236-117.london.nodebalancer.linode.com

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:2c00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:214f:9200:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.24 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-24.fra6.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.16.134.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-134-22.compute-1.amazonaws.com

core.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:e800:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.22.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.202.94 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-94.fra53.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 143.204.201.153 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-153.fra53.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.226.134.247 (United States)

ASN15169 (GOOGLE, US)
PTR: 247.134.226.35.bc.googleusercontent.com

prebid.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 185.33.223.80 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a02:fa8:8806:12::1430 (Sweden)

ASN41041 (VCLK-EU-, SE)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 18.197.234.227 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

freestar-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.124.120.214 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-120-214.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 152.199.22.24 (United States) 21 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.113.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.211.96.69 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-96-69.compute-1.amazonaws.com

embed.air.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.253.107 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-107.fra6.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.54.227.62 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-227-62.compute-1.amazonaws.com

rtb.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:612b:4264:99e0:7fe3:6615:bfea (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

slckg-phfiv.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.85.250.71 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-85-250-71.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.21.193.116 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-193-116.compute-1.amazonaws.com

trk.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.202.117 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-117.fra53.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.1.207.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-207-152.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 52.49.142.168 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com

vid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 69.16.175.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net

vpaid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

cdn-sp-s3.air.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1288:f03d:1fa::4000 (United Kingdom)

ASN10310 (YAHOO-1, US)

cdn-ssl.vidible.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:821::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 52.18.86.70 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com

bc-rtb-dub.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 34.248.21.38 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com

vid-io.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.157.121.171 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-121-171.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.249.92 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.249.83 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-83.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	springserve.com vid.springserve.com vpaid.springserve.com bc-rtb-dub.springserve.com vid-io.springserve.com	2 MB
64	advertising.com 21 redirects adserver-us.adtech.advertising.com	21 KB
63	adnxs.com ib.adnxs.com acdn.adnxs.com	58 KB
32	bleepstatic.com www.bleepstatic.com	211 KB
29	dotomi.com web.hb.ad.cpe.dotomi.com	25 KB
24	sonobi.com apex.go.sonobi.com	15 KB
24	vidible.tv cdn-ssl.vidible.tv	186 KB
24	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	220 KB
22	connatix.com cdn.connatix.com cdns.connatix.com ck.connatix.com core.connatix.com rtb.connatix.com i.connatix.com trk.connatix.com	452 KB
18	sharethrough.com btlr.sharethrough.com	2 KB
15	doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net securepubads.g.doubleclick.net	103 KB
15	pub.network a.pub.network d.pub.network prebid.pub.network c.pub.network	227 KB
14	3lift.com 4 redirects tlx.3lift.com eb2.3lift.com	4 KB
11	ampproject.org cdn.ampproject.org	215 KB
11	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	15 KB
11	districtm.io dmx.districtm.io cdn.districtm.io	770 B
11	openx.net 1 redirects freestar-d.openx.net eu-u.openx.net	2 KB
10	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	386 B
8	gstatic.com fonts.gstatic.com	87 KB
7	amazon-adsystem.com c.amazon-adsystem.com	30 KB
7	google.com 3 redirects www.google.com cse.google.com adservice.google.com	3 KB
6	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org vendorlist.consensu.org api.quantcast.mgr.consensu.org audit.quantcast.mgr.consensu.org	140 KB
5	casalemedia.com as-sec.casalemedia.com	5 KB
5	googleapis.com fonts.googleapis.com	4 KB
3	tremorhub.com slckg-phfiv.ads.tremorhub.com	1 KB
3	fastly.net confiant-integrations.global.ssl.fastly.net	84 KB
3	googletagservices.com www.googletagservices.com	69 KB
3	addthis.com s9.addthis.com s7.addthis.com	189 KB
2	reddit.com www.reddit.com	928 B
2	facebook.com graph.facebook.com	1003 B
2	scorecardresearch.com sb.scorecardresearch.com	618 B
2	ad-delivery.net ad-delivery.net	1 KB
2	air.tv embed.air.tv cdn-sp-s3.air.tv	79 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	silobreaker.com 1 redirects info.silobreaker.com	3 KB
1	ytimg.com s.ytimg.com	10 KB
1	youtube.com www.youtube.com	1 KB
1	cdnjquery.com cluster-na.cdnjquery.com	356 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	24 KB
1	addthisedge.com v1.addthisedge.com	855 B
1	moatads.com z.moatads.com	1 KB
1	google.de adservice.google.de	778 B
1	analysis.fi ecdn.analysis.fi	2 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
1	bleepingcomputer.com www.bleepingcomputer.com	14 KB
537	45

	Domain	Requested by
64	adserver-us.adtech.advertising.com	21 redirects www.bleepingcomputer.com a.pub.network
58	ib.adnxs.com	a.pub.network vpaid.springserve.com
32	www.bleepstatic.com	www.bleepingcomputer.com cdn.connatix.com www.bleepstatic.com
29	web.hb.ad.cpe.dotomi.com	a.pub.network vpaid.springserve.com
24	apex.go.sonobi.com	vpaid.springserve.com
24	cdn-ssl.vidible.tv	vpaid.springserve.com
24	vpaid.springserve.com	cdns.connatix.com
24	vid.springserve.com	cdns.connatix.com
23	vid-io.springserve.com	vpaid.springserve.com
23	bc-rtb-dub.springserve.com	vpaid.springserve.com
19	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.bleepingcomputer.com confiant-integrations.global.ssl.fastly.net cdn.ampproject.org pagead2.googlesyndication.com tpc.googlesyndication.com
18	btlr.sharethrough.com	a.pub.network
11	cdn.ampproject.org	securepubads.g.doubleclick.net confiant-integrations.global.ssl.fastly.net
10	fastlane.rubiconproject.com	a.pub.network
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.bleepingcomputer.com info.silobreaker.com
9	eb2.3lift.com	4 redirects a.pub.network
8	fonts.gstatic.com	cdn.connatix.com www.bleepstatic.com www.bleepingcomputer.com
7	trk.connatix.com	www.bleepingcomputer.com
7	i.connatix.com	www.bleepingcomputer.com
7	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
6	eu-u.openx.net	1 redirects a.pub.network
6	dmx.districtm.io	a.pub.network
6	prebid.pub.network	a.pub.network
5	acdn.adnxs.com	a.pub.network
5	ads.pubmatic.com	a.pub.network
5	cdn.districtm.io	a.pub.network
5	tlx.3lift.com	a.pub.network
5	freestar-d.openx.net	a.pub.network
5	as-sec.casalemedia.com	a.pub.network
5	hbopenbid.pubmatic.com	a.pub.network
5	pagead2.googlesyndication.com	www.bleepingcomputer.com pagead2.googlesyndication.com
5	www.google.com	3 redirects www.bleepingcomputer.com
5	fonts.googleapis.com	www.bleepingcomputer.com confiant-integrations.global.ssl.fastly.net
4	c.pub.network	a.pub.network
4	rtb.connatix.com	cdns.connatix.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.bleepingcomputer.com
3	slckg-phfiv.ads.tremorhub.com	cdns.connatix.com
3	confiant-integrations.global.ssl.fastly.net	a.pub.network confiant-integrations.global.ssl.fastly.net
3	www.googletagservices.com	a.pub.network pagead2.googlesyndication.com info.silobreaker.com
3	d.pub.network	a.pub.network
2	www.reddit.com	s9.addthis.com
2	graph.facebook.com	s9.addthis.com
2	sb.scorecardresearch.com	www.bleepingcomputer.com
2	ad-delivery.net	freestar-io.videoplayerhub.com www.bleepingcomputer.com
2	s7.addthis.com	s9.addthis.com
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	a.pub.network	www.bleepingcomputer.com a.pub.network
2	info.silobreaker.com	1 redirects
1	eus.rubiconproject.com	a.pub.network
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	cdn-sp-s3.air.tv
1	cdn-sp-s3.air.tv	embed.air.tv
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	audit.quantcast.mgr.consensu.org	static.quantcast.mgr.consensu.org
1	embed.air.tv	a.pub.network
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	vendorlist.consensu.org	quantcast.mgr.consensu.org
1	core.connatix.com	cdns.connatix.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	ck.connatix.com	cdns.connatix.com
1	ad.doubleclick.net	www.bleepingcomputer.com
1	v1.addthisedge.com	s9.addthis.com
1	z.moatads.com	s9.addthis.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	cdns.connatix.com	cdn.connatix.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	s9.addthis.com	www.bleepingcomputer.com
1	cse.google.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
1	cdn.connatix.com	www.bleepingcomputer.com
1	www.bleepingcomputer.com	info.silobreaker.com
537	74

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
deals.bleepingcomputer.com
connatix.com

Subject Issuer	Validity	Valid
info.silobreaker.com CloudFlare Inc ECC CA-2	`2019-12-17` - `2020-10-09`	10 months	crt.sh
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
j3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-02-19` - `2021-01-14`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
*.analysis.fi Sectigo RSA Domain Validation Secure Server CA	`2019-06-13` - `2020-06-12`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.videoplayerhub.com Amazon	`2019-07-18` - `2020-08-18`	a year	crt.sh
*.connatix.com Amazon	`2019-10-19` - `2020-11-19`	a year	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2019-03-26` - `2020-03-26`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 High Assurance Server CA	`2018-05-22` - `2020-05-26`	2 years	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-12-18` - `2020-12-18`	a year	crt.sh
*.air.tv Amazon	`2019-08-14` - `2020-09-14`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
*.tremorhub.com Amazon	`2019-08-22` - `2020-09-22`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2019-12-16` - `2020-12-25`	a year	crt.sh
*.assetbucket.net Amazon	`2019-09-11` - `2020-10-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.springserve.com Amazon	`2020-01-21` - `2021-02-21`	a year	crt.sh
cdn-sp-s3.air.tv Sectigo RSA Domain Validation Secure Server CA	`2019-12-24` - `2020-03-23`	3 months	crt.sh
cdn-ycs.vidible.tv DigiCert SHA2 High Assurance Server CA	`2020-01-30` - `2020-07-28`	6 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2019-02-01` - `2021-02-04`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh

This page contains 59 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Frame ID: 2436338A07C6E8AC32C260A24A9E4B3B
Requests: 239 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Frame ID: 3837D827138FC708B22FAD1C2AE86853
Requests: 39 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200213/r20190131/zrt_lookup.html
Frame ID: E3B1826C405059BBC72CCBF6647FADE2
Requests: 1 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v29/cmp-3pc-check.html
Frame ID: A87198A0CD3F5DBDE6B271FB447289B1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1582069417&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1582136387155&bpp=4&bdt=348&fdt=279&idt=279&shv=r20200213&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3394360841184&frm=20&pv=2&ga_vid=576930721.1582136387&ga_sid=1582136387&ga_hid=1286602131&ga_fc=0&iag=0&icsg=2199033749504&dssz=48&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040068%2C21065305%2C21065381%2C44714170&oid=3&pvsid=2679631808844855&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=289
Frame ID: DC92CED7FD778C2940A8926238CB6AA0
Requests: 1 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 491193762140D5C43029C657E89F7611
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js
Frame ID: 13CE02DAD99AC3AD4DE0DBF37A0801CF
Requests: 22 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js
Frame ID: 38672F81986734550F24713E54832BDC
Requests: 21 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjuNtWux7aFEMN278S_L2SIKNCSfRHbAty31-E8pvPzIuivAIxOANGONFd-FfEOQuIMNBRTa7FRpnHOx1hY83VLWH_L6G3E1myVX83cAXrQCu-Ieg51cbAIvfnmtHJDFUA0MqmW2WBnx2z-5G1aa6c1RkKjBwVWOqxKsPUDd1MuS3Ki8PSPSCBfxHN3P9Q6HNCYBgaDW-Z5ceOlpNYR_jHUebFupGpyVUX_RKcC2BeIdDwAMLe7MA-E5wfmHLRryEXDPUcJp2SKT6a0-awFTJjKk-_hZDmS_Q3&sig=Cg0ArKJSzOgMdBj2YPRwEAE&urlfix=1&adurl=
Frame ID: 1E596C5959F959ED1B2071F41C674828
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: 0864FC8C04097E21AA6A4D6BC8AB4827
Requests: 1 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: B0F29AE9033B0D74DD3EA574170A6293
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: DF14E3CAA6E80E44AC45621D438E0654
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 25595F6A915301F8F16A55D3E98D6529
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 79EC0C9A4F149839C9FB9B36A724044E
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: C46B86C7778BB5F9144584304D537248
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 9FF77E026E77388D61C1BFBFC22D9DB8
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 1712516ADEF2CCFEBB3E600DC66F3BCB
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 6613CAE62E317E950478E9DB1AD43091
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 09EB5620286B446D716C35433663A83A
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 73502381A67FDDAC5B2E0748744DEE46
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 4E02F4BD9E99FE9F2E5CE0718E2C8950
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: F9C6420065A73D83AE45A83BDCE3D329
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: B2E00755FED167F8FC244FDA29083AAB
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 141B1B497DE201CE403D3944D1465C11
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: E1BC0BD24250CF13F6B0D19CEB4AD6D6
Requests: 8 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 6E6EE37F9A4BD1362A54FDB300145219
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: E922D46044653EBD0747C4EB3F45F6DF
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: D93E70D2D9BEF816100883492048B3E7
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 815FE921F39280B4091FDAA8E0E38B60
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: B8A710EBA57C2266DD9D8D26C5692F6E
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 1D8BD0497DB2DF69E8A45F8AD4242792
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F51F0B1E35C2E32BA356FDF9DE589610
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: AB276BCD26684EE4B02B839FC0D3795B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: D66918B5662548F6A5EA2E5D5E0FD9D6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F89471747B7A43E3F27651E112D7C8D1
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 72F1E2BDB94CC1D6E64806E0B5D97BB5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 708D5776ABE70777B041F7AE01C1DC81
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 4CE2315F3CFA9E46EED5F80C3DCF1C99
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 142F3B02F14541D3ADAEE196CFE0CA6B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 67929402E3DE17383ECA8E7A9945020E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 47403AE7FFB233A8130987BFDBCA81E8
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 36DED1C6DBD42049A93C96CE333F8F4E
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 25AAEB79FAB80E6F1549BC6C10CAA235
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 682781CBD30F4C9991C447FE82FA9EF5
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 8B6232AC0821DCC72B1233DDBA7FA906
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 3AF1EC9A649B51FB7C6553332AF09D98
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: FA3FE173E1E0800C6BEF01B65EA5794E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 133D74DC2B0C560578B01F93CE722857
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 901C6BDE42A1D1BFB60FA59A61068218
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: A4587AD94A6C5089E013EEB72F730DAF
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: B8BD0EF115912B42CDBCB32C90CD1F46
Requests: 1 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 04169A151FE807A7FFE534FC1086271D
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 1DEA62F2AD90E5E1E68B9B4DA2D7F9FB
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 290A55CC4C3F1B681A8ADDEE00D37A17
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 70C9CF06881D4446A3BB3CA0C4503525
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: C16979624E750650DDDE28BDB39983AA
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 56BA117B2FDC68B69978BD475B183BFE
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: B1043519454A10F9C6B51E338F1890FA
Requests: 8 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Frame ID: 41D7D50CDD2EB9E916D885EE5D7C4216
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5f... Page URL
https://info.silobreaker.com/events/public/v1/track/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTm... HTTP 307
https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

537
Requests

94 %
HTTPS

34 %
IPv6

45
Domains

74
Subdomains

66
IPs

6
Countries

4852 kB
Transfer

17260 kB
Size

19
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/BleepingComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/BleepinComputer

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BleepingComputer

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/
Title: Deals

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/elearning?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: eLearning

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/certifications?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: IT Certification Courses

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/gear-gadgets?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Gear + Gadgets

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/collections/tag-cyber-security?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Security

Search URL Search Domain Scan URL

URL: https://twitter.com/JAMESWT_MHT/status/1229676567355416578
Title: JAMESWT

Search URL Search Domain Scan URL

URL: https://twitter.com/VirITeXplorer/status/1229697387800616965
Title: TG Soft

Search URL Search Domain Scan URL

URL: https://twitter.com/reecdeep/status/1229674592068866048
Title: reecDeep

Search URL Search Domain Scan URL

URL: https://connatix.com/
Title: .st0{fill:#FFFFFF;}.st1{fill:#0099FF;}

Search URL Search Domain Scan URL

URL: https://twitter.com/LawrenceAbrams

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04 Page URL
https://info.silobreaker.com/events/public/v1/track/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04?_ud=38644da2-54c7-4512-8f35-a2a99b680fd9&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request Chain 100

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699

Request Chain 101

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699

Request Chain 102

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699

Request Chain 103

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700

Request Chain 104

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700

Request Chain 105

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700

Request Chain 106

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700

Request Chain 107

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700

Request Chain 108

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700

Request Chain 109

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700

Request Chain 110

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700

Request Chain 111

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700

Request Chain 112

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700

Request Chain 133

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700

Request Chain 134

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700

Request Chain 135

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700

Request Chain 136

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700

Request Chain 137

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700

Request Chain 138

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700

Request Chain 139

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700

Request Chain 140

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700

Request Chain 264

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 266

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 441

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 442

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

Request Chain 443

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 446

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 457

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

537 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW8... Show response
info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/ 9 KB
3 KB 84ms
60ms Document
text/html 2606:4700::6811:7db4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 662651cf8f23a6234caf045af60843c07cb8c8730cf62edc886d3db4105defe8

Request headers

:method: GET
:authority: info.silobreaker.com
:scheme: https
:path: /e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:45 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=d0030513d30f1069e485ed2aaf2e8d8591582136385; expires=Fri, 20-Mar-20 18:19:45 GMT; path=/; domain=.info.silobreaker.com; HttpOnly; SameSite=Lax __cfruid=86e6565796d33aef0999853c0d8efc6de9c18498-1582136385; path=/; domain=.info.silobreaker.com; HttpOnly; Secure; SameSite=None
cf-ray: 567a403c0cbabef6-FRA
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request / Show response
www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/
Redirect Chain

https://info.silobreaker.com/events/public/v1/track/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7Jvj...
https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa...

65 KB
14 KB

633ms
551ms

Document
text/html

104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Requested by

Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

389fc0acafaaf6726fc3767113714cf9536237eac05c06c6d1b660cdc28c0ad3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Referer: https://info.silobreaker.com/e2t/c/*W6gpMd37kPB4hW1sBLTf7BLmMP0/*W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d8a4e0cf6d0298719ea22f6a3bf8acca41582136386; expires=Fri, 20-Mar-20 18:19:46 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; SameSite=Lax; Secure session_id=56ed1ad3ddc016c8dd0d9b6b15a31025; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=7786; expires=Fri, 20-Mar-2020 18:19:46 GMT; Max-Age=2592000; path=/;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
last-modified: Tue, 18 Feb 2020 23:43:37 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 567a403e1de89c27-AMS
content-encoding: br

Redirect headers

status: 307
date: Wed, 19 Feb 2020 18:19:46 GMT
location: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
cf-ray: 567a403c7d36bef6-FRA
link: <https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-robots-tag: none
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 15 KB
1 KB 18ms
16ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dda7ea92135dcf21660d4d79391d303fc38f6a6524ae74bbe2986f1d2e990d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 19 Feb 2020 18:19:46 GMT
server: ESF
date: Wed, 19 Feb 2020 18:19:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Feb 2020 18:19:46 GMT

GET
H2 200 bootstrap.css
www.bleepstatic.com/css/redesign/ 111 KB
17 KB 102ms
44ms Stylesheet
text/css 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 3470
cf-polished: origSize=137522
status: 200
cf-bgj: minify
last-modified: Fri, 23 Sep 2016 14:33:06 GMT
server: cloudflare
etag: W/"2184297232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40420b3bd915-AMS
expires: Thu, 12 Dec 2019 03:43:51 GMT

GET
H2 200 main.css
www.bleepstatic.com/css/redesign/ 51 KB
9 KB 130ms
72ms Stylesheet
text/css 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 3005405
cf-polished: origSize=60842
status: 200
cf-bgj: minify
last-modified: Thu, 16 Aug 2018 15:28:40 GMT
server: cloudflare
etag: W/"4249134023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40420b3fd915-AMS
expires: Sun, 03 Nov 2019 05:26:10 GMT

GET
H2 200 home.css
www.bleepstatic.com/css/redesign/ 12 KB
3 KB 115ms
57ms Stylesheet
text/css 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/home.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 2583
cf-polished: origSize=14998
status: 200
cf-bgj: minify
last-modified: Sat, 24 Mar 2018 16:18:00 GMT
server: cloudflare
etag: W/"2402535603"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40420b41d915-AMS
expires: Wed, 27 Mar 2019 21:45:08 GMT

GET
H2 200 news.css
www.bleepstatic.com/css/redesign/ 27 KB
5 KB 129ms
71ms Stylesheet
text/css 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/news.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d44b93a0af159f0d547d7ec89e9227a5667ce1171bc630e6fbf79dae0e596e2d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 1110
cf-polished: origSize=32905
status: 200
cf-bgj: minify
last-modified: Tue, 26 Nov 2019 02:56:16 GMT
server: cloudflare
etag: W/"400467278"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40420b44d915-AMS
expires: Thu, 09 Jan 2020 10:58:56 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
www.bleepstatic.com/js/redesign/ 94 KB
32 KB 115ms
58ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 12:36:44 GMT
server: cloudflare
age: 3470
etag: W/"3647451394"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 567a40420b45d915-AMS
access-control-allow-origin: *
expires: Tue, 10 Dec 2019 08:09:38 GMT

GET
H2 200 news.js Show response
www.bleepstatic.com/js/redesign/ 183 B
533 B 101ms
44ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/news.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 1110
cf-polished: origSize=247
status: 200
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 15:41:46 GMT
server: cloudflare
etag: W/"4218930423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40420b46d915-AMS
expires: Wed, 11 Dec 2019 05:46:52 GMT

GET
H2 200 connatix.renderer.infeed.min.js Show response
cdn.connatix.com/min/ 956 B
1 KB 82ms
24ms Script
application/javascript 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: 40df4157af3a823b59c5d2e3cbe3330283409d4573f55a0361d5fa8ad6e1c6fa

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
content-type: application/javascript
status: 200
x-referer-host: bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1582136387.884367,VS0,VE0
content-length: 956
retry-after: 0
x-served-by: cache-hhn4044-HHN

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
1 KB 28ms
25ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 558161
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40427ce8d915-AMS
expires: Thu, 19 Mar 2020 07:17:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 23ms
21ms Script
application/javascript 2a00:1450:4001:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

01ed5024d3b2067a5f268cd76d0d521f482879188c26cc6d809ec8cb2f069c8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Cache-Control
content-length: 28487
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:46 GMT

GET
H2 200 logo.png
www.bleepstatic.com/images/site/ 1 KB
1 KB 26ms
24ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 1360702
cf-polished: origFmt=png, origSize=1882
status: 200
content-disposition: inline; filename="logo.webp"
cf-bgj: imgq:85
content-length: 1152
last-modified: Sat, 04 Mar 2017 04:12:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40429d41d915-AMS
expires: Thu, 05 Mar 2020 00:21:24 GMT

GET
H2

200

brand Show response
cse.google.com/coop/cse/
Redirect Chain

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

3 KB
2 KB

69ms
5ms

Script
text/javascript

2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

pfe /

Resource Hash

4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: pfe
age: 215
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1181
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:46:12 GMT

Redirect headers

date: Wed, 19 Feb 2020 18:19:46 GMT
x-content-type-options: nosniff
server: sffe
location: https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 266
x-xss-protection: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 107 KB
39 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5d887f9fb82e87e50d830d07dcbb0b25e018d90ffba63d250a679f9dfa084a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 38678
x-xss-protection: 0
server: cafe
etag: 14698608287980778753
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 Feb 2020 18:19:46 GMT

GET
H2 200 twitter.png
www.bleepstatic.com/images/site/login/ 282 B
672 B 27ms
25ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login/twitter.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 3288
cf-polished: origFmt=png, origSize=475
status: 200
content-disposition: inline; filename="twitter.webp"
cf-bgj: imgq:85
content-length: 282
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40429d43d915-AMS
expires: Sat, 08 Feb 2020 03:06:03 GMT

GET
H2 200 bootstrap.js Show response
www.bleepstatic.com/js/redesign/ 44 KB
10 KB 28ms
26ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 3470
cf-polished: origSize=65813
status: 200
cf-bgj: minify
last-modified: Thu, 23 Apr 2015 12:36:43 GMT
server: cloudflare
etag: W/"3930092018"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40429d45d915-AMS
expires: Tue, 10 Dec 2019 08:11:55 GMT

GET
H2 200 blazy.min.js Show response
www.bleepstatic.com/js/blazy/ 5 KB
2 KB 43ms
43ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Aug 2018 21:06:19 GMT
server: cloudflare
age: 3470
etag: W/"753357888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 567a40423bdfd915-AMS
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 08:32:18 GMT

GET
H2 200 bleep.js Show response
www.bleepstatic.com/js/redesign/ 3 KB
813 B 27ms
26ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bleep.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 1114539
cf-polished: origSize=3600
status: 200
cf-bgj: minify
last-modified: Mon, 01 Oct 2018 12:47:57 GMT
server: cloudflare
etag: W/"2696894447"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40429d46d915-AMS
expires: Thu, 12 Mar 2020 20:44:07 GMT

GET
H2 200 jquery.fancybox.js Show response
www.bleepstatic.com/js/redesign/fancybox/ 31 KB
9 KB 29ms
28ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 1095389
cf-polished: origSize=48706
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"327140449"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40429d47d915-AMS
expires: Fri, 13 Mar 2020 02:03:17 GMT

GET
H2 200 fixto.min.js Show response
www.bleepstatic.com/js/fixto/ 8 KB
3 KB 32ms
32ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2015 21:34:42 GMT
server: cloudflare
age: 5873
etag: W/"1740214911"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 567a40425c5cd915-AMS
access-control-allow-origin: *
expires: Wed, 11 Dec 2019 05:46:52 GMT

GET
H2 200 addthis_widget.js Show response
s9.addthis.com/js/300/ 349 KB
113 KB 48ms
29ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s9.addthis.com/js/300/addthis_widget.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 21 Jan 2020 20:57:37 GMT
server: nginx/1.15.8
etag: "5e2765c1-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Wed, 19 Feb 2020 18:19:46 GMT
x-host: s9.addthis.com
content-length: 114924

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 438 KB
117 KB 188ms
98ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 447feed7ecdb9ff0a9d1989b533a8be53b4cad398d6e428dc271de64956e0c95

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: br
cf-cache-status: HIT
age: 31
status: 200
x-guploader-uploadid: AEnB2UolUXfgJfr_B0tXvCuW0PNgWTvmeB4-zJnYhx8V884K__CCpDyuNVs6n7r7DHnwTSzRgPv6tfABvmqhI_aHwy14kqjDbA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Fri, 14 Feb 2020 16:42:47 GMT
server: cloudflare
etag: W/"8a09cb84f790f774960c0ff22e558250"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=9J1TzA==, md5=ignLhPeQ93SWDA/yLlWCUA==
content-type: application/javascript
x-goog-generation: 1581698567600045
cache-control: public, max-age=1800
x-goog-stored-content-length: 448740
cf-ray: 567a40431a16d709-FRA
expires: Wed, 19 Feb 2020 18:20:16 GMT

GET
H/1.1 200
OK fab.js Show response
ecdn.analysis.fi/static/js/ 4 KB
2 KB 113ms
23ms Script
application/javascript 212.71.236.117
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.71.236.117 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: nb-212-71-236-117.london.nodebalancer.linode.com
Software: nginx/1.12.2 /
Resource Hash: affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:19:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jul 2015 00:00:00 GMT
Server: nginx/1.12.2
ETag: "55a5a280-560"
Content-Type: application/javascript
Cache-Control: max-age=3600
Connection: close
Content-Length: 1376
Expires: Wed, 19 Feb 2020 19:19:09 GMT

GET
H2 200 login_bg.png
www.bleepstatic.com/images/site/ 126 B
369 B 24ms
24ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login_bg.png
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 3288
cf-polished: origFmt=png, origSize=187
status: 200
content-disposition: inline; filename="login_bg.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40429d63d915-AMS
expires: Sat, 08 Feb 2020 00:48:24 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 19:10:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2329755
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 22 Jan 2021 19:10:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 18 Jan 2020 01:07:50 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 2826716
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11020
x-xss-protection: 0
expires: Sun, 17 Jan 2021 01:07:50 GMT

GET
H2 200 connatix.renderer.infeed.min_dc.js Show response
cdns.connatix.com/p/1898/min/ Frame 3837 723 KB
189 KB 75ms
53ms Script
application/x-javascript 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d3fbc0d72bb02d5ecccb9cbfa7db8a22330064c87cff62ccf3bdfb777c85a5b5

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
age: 267537
x-cache: HIT, HIT
status: 200
content-length: 193693
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17743-DCA, cache-hhn4044-HHN
last-modified: Sun, 16 Feb 2020 15:59:48 GMT
x-timer: S1582136387.006387,VS0,VE0
etag: "bbb933d214e478a3242d3a4ee961823b"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 2, 11186

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 223 KB
60 KB 70ms
39ms Script
text/javascript 2600:9000:2057:2c00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:2c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a59183305b5edc165b30e0a9dd7d12e23c07aa0706c8a6e0bea700b772921067

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:10:49 GMT
content-encoding: gzip
last-modified: Wed, 05 Feb 2020 23:13:04 GMT
server: AmazonS3
age: 879
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: fC90EKTIersSGLbabO5yV6KJL5cuHCKhJY3qQ6C4vVyuleIMAZjVJA==
via: 1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)

GET
H2 200 nav_bg.png
www.bleepstatic.com/images/site/ 72 B
234 B 27ms
27ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/nav_bg.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 585680
cf-polished: origFmt=png, origSize=83
status: 200
content-disposition: inline; filename="nav_bg.webp"
cf-bgj: imgq:85
content-length: 72
last-modified: Sat, 04 Mar 2017 07:57:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bd8dd915-AMS
expires: Fri, 13 Mar 2020 23:38:26 GMT

GET
H2 200 20x20-printer.png
www.bleepstatic.com/images/site/ 422 B
588 B 22ms
22ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 6167
cf-polished: origFmt=png, origSize=824
status: 200
content-disposition: inline; filename="20x20-printer.webp"
cf-bgj: imgq:85
content-length: 422
last-modified: Sat, 03 Oct 2015 03:18:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bd94d915-AMS
expires: Sat, 08 Feb 2020 00:36:58 GMT

GET
H2 200 calendar.png
www.bleepstatic.com/images/site/ 86 B
490 B 23ms
23ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/calendar.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 1856
cf-polished: origFmt=png, origSize=129
status: 200
content-disposition: inline; filename="calendar.webp"
cf-bgj: imgq:85
content-length: 86
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bd96d915-AMS
expires: Sat, 08 Feb 2020 03:18:21 GMT

GET
H2 200 clock.png
www.bleepstatic.com/images/site/ 252 B
413 B 26ms
26ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/clock.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 121126
cf-polished: origFmt=png, origSize=1316
status: 200
content-disposition: inline; filename="clock.webp"
cf-bgj: imgq:85
content-length: 252
last-modified: Fri, 29 May 2015 07:08:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bd99d915-AMS
expires: Thu, 19 Mar 2020 08:40:59 GMT

GET
H2 200 comment-light.png
www.bleepstatic.com/images/site/ 96 B
287 B 33ms
33ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/comment-light.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 1784801
cf-polished: origFmt=png, origSize=1034
status: 200
content-disposition: inline; filename="comment-light.webp"
cf-bgj: imgq:85
content-length: 96
last-modified: Fri, 29 May 2015 07:08:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bd9cd915-AMS
expires: Sat, 29 Feb 2020 02:33:06 GMT

GET
H2 200 32x32-printer.png
www.bleepstatic.com/images/site/ 256 B
423 B 22ms
21ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 6143
cf-polished: origFmt=png, origSize=618
status: 200
content-disposition: inline; filename="32x32-printer.webp"
cf-bgj: imgq:85
content-length: 256
last-modified: Fri, 02 Oct 2015 21:57:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bda2d915-AMS
expires: Sat, 08 Feb 2020 03:01:43 GMT

GET
H2 200 21beb902b545b086a90ec39f1df36b94.jpg
www.bleepstatic.com/author/photos/ 7 KB
8 KB 22ms
22ms Image
image/jpeg 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/author/photos/21beb902b545b086a90ec39f1df36b94.jpg
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:46 GMT
cf-cache-status: HIT
age: 2162708
cf-polished: origSize=7617, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 7581
last-modified: Mon, 26 Oct 2015 17:15:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042bda4d915-AMS
expires: Mon, 24 Feb 2020 17:34:37 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 10:12:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 2362051
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 0
expires: Fri, 22 Jan 2021 10:12:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 31 Jan 2020 23:33:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1622767
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Sat, 30 Jan 2021 23:33:39 GMT

GET
H2 200 h4-bg.png
www.bleepstatic.com/images/site/ 38 B
283 B 50ms
49ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/h4-bg.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 3240
cf-polished: origFmt=png, origSize=72
status: 200
content-disposition: inline; filename="h4-bg.webp"
cf-bgj: imgq:85
content-length: 38
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042cdf2d915-AMS
expires: Thu, 06 Feb 2020 20:48:47 GMT

GET
H2 200 news_email_icon.png
www.bleepstatic.com/images/site/ 126 B
401 B 50ms
50ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer: https://www.bleepstatic.com/css/redesign/home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 1857
cf-polished: origFmt=png, origSize=1105
status: 200
content-disposition: inline; filename="news_email_icon.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Fri, 29 May 2015 07:10:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042cdf3d915-AMS
expires: Thu, 06 Feb 2020 20:13:14 GMT

GET
H2 200 news_footer_icon.png
www.bleepstatic.com/images/site/ 110 B
285 B 50ms
50ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 3231
cf-polished: origFmt=png, origSize=186
status: 200
content-disposition: inline; filename="news_footer_icon.webp"
cf-bgj: imgq:85
content-length: 110
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a4042cdf4d915-AMS
expires: Sat, 08 Feb 2020 02:43:33 GMT

GET
H2 200 0_Dharma_ransomware.jpg
www.bleepstatic.com/content/hl-images/2019/05/08/ 17 KB
18 KB 52ms
52ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/05/08/0_Dharma_ransomware.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e92af92d78628c5d32cceb0efb098a107fee4007f50a8ce7de7d8dcc03d32703

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 66962
cf-polished: qual=85, origFmt=jpeg, origSize=199395
status: 200
content-disposition: inline; filename="0_Dharma_ransomware.webp"
cf-bgj: imgq:85
content-length: 17650
last-modified: Wed, 08 May 2019 14:33:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40436fe5d915-AMS
expires: Thu, 19 Mar 2020 23:43:44 GMT

GET
H2 200 292x176_Windows_Bug0.jpg
www.bleepstatic.com/content/hl-images/2019/12/04/thumb/ 2 KB
2 KB 53ms
52ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/12/04/thumb/292x176_Windows_Bug0.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad1693db739adc2b7dbd446a33bc0f5084b8b3431c3255148102c9df0410126e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 136546
cf-polished: qual=85, origFmt=jpeg, origSize=3725
status: 200
content-disposition: inline; filename="292x176_Windows_Bug0.webp"
cf-bgj: imgq:85
content-length: 1808
last-modified: Wed, 04 Dec 2019 22:29:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40436fe6d915-AMS
expires: Thu, 19 Mar 2020 04:24:00 GMT

GET
H2 200 292x176_Phishing-WHO.jpg
www.bleepstatic.com/content/posts/2020/02/17/thumb/ 9 KB
9 KB 53ms
53ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/posts/2020/02/17/thumb/292x176_Phishing-WHO.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5aeae4a76c65b8ac7b2fbd11a82d232e8b82f5672e81b7dc4bc4ac8ac6cc58

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 47739
cf-polished: qual=85, origFmt=jpeg, origSize=9677
status: 200
content-disposition: inline; filename="292x176_Phishing-WHO.webp"
cf-bgj: imgq:85
content-length: 9006
last-modified: Mon, 17 Feb 2020 19:41:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40436fe8d915-AMS
expires: Fri, 20 Mar 2020 05:04:07 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
778 B 61ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
778 B 59ms
14ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20200213/r20190131/ 252 KB
91 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200213/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

436522d1e687ac1925f7bade1d62c546e13bbc5bb880507ceaab0e7e2ea30b6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 93251
x-xss-protection: 0
server: cafe
etag: 1552079531844225071
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Feb 2020 18:19:47 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200213/r20190131/ Frame E3B1 0
0 7ms
6ms Document
text/html 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200213/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200213/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 13 Feb 2020 14:46:53 GMT
expires: Thu, 27 Feb 2020 14:46:53 GMT
content-type: text/html; charset=UTF-8
etag: 17772678075199185246
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4496
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 531174
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v29/ Frame A871 0
0 55ms
13ms Document
text/html 2600:9000:214f:9200:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v29/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:9200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v29/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
content-type: text/html
content-length: 645
last-modified: Wed, 05 Feb 2020 23:13:01 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 19 Feb 2020 18:11:27 GMT
etag: "55b98270d639ef0c34781d9f03cce91f"
x-cache: Hit from cloudfront
via: 1.1 61adf71a363fe0f836dc69dbb43de824.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: q9hBZioBdSIWaAu63XjZ-dSFM3FC-g8X3T5quH0yLCdc7LhkHQxPlA==
age: 947

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 6375
date: Wed, 19 Feb 2020 16:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Wed, 19 Feb 2020 18:33:32 GMT

GET
H/1.1 200
OK moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 25ms
25ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:19:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2019 20:13:52 GMT
Server: AmazonS3
x-amz-request-id: FBAF69B7861DE212
ETag: "f14b4e1f799b14f798a195f43cf58376"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=37491
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 948
x-amz-id-2: mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 2 KB
855 B 46ms
46ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
etag: -1659864586--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=51, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 678

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
455 B 69ms
22ms Image
image/x-icon 172.217.22.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:17:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Thu, 20 Feb 2020 18:17:30 GMT

GET
H2 200 g Show response
ck.connatix.com/ 46 B
103 B 28ms
21ms Script
text/plain 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ck.connatix.com/g?callback=cnxJSONP_cc41710d35e54b2d3c7f1582136387274
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: 45bd0cd9231ab533fee21e6b0534387c225ee6a52abbfe24d7218643ab628f08

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1582136387.291482,VS0,VE0
content-length: 46
retry-after: 0
x-served-by: cache-hhn4044-HHN

GET
H2 200 jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 4 KB
1 KB 27ms
27ms Stylesheet
text/css 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: br
cf-cache-status: HIT
age: 1293
cf-polished: origSize=4895
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"9108074"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40449afad915-AMS
expires: Fri, 01 Nov 2019 06:12:37 GMT

GET
H2 200 font-awesome.css
www.bleepstatic.com/css/redesign/ 22 KB
5 KB 26ms
26ms Stylesheet
text/css 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: br
cf-cache-status: HIT
age: 3469
cf-polished: origSize=26776
status: 200
cf-bgj: minify
last-modified: Tue, 03 May 2016 04:39:29 GMT
server: cloudflare
etag: W/"1700274315"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 567a40449afbd915-AMS
expires: Wed, 03 Jul 2019 05:12:31 GMT

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v29/ 230 KB
62 KB 7ms
7ms Script
text/javascript 2600:9000:214f:9200:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v29/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:9200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a48318a5693f53e553b5cf31728f63b87894dee6eb24e296e074a79101989362

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:12:25 GMT
content-encoding: gzip
last-modified: Wed, 05 Feb 2020 20:12:51 GMT
server: AmazonS3
age: 1202
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 8-8q-PTEyyot2KIkmqclVi--kW6P6uY282B3X2vAKcjdOE1EmPk60A==
via: 1.1 61adf71a363fe0f836dc69dbb43de824.cloudfront.net (CloudFront)

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 14ms
14ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1286602131&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ul=en-us&de=UTF-8&dt=Dharma%20Ransomware%20Attacks%20Italy%20in%20New%20Spam%20Campaign&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=718554014&gjid=1055656369&cid=576930721.1582136387&tid=UA-91740-1&_gid=661045216.1582136387&_r=1&gtm=2ou2c0&z=1207710240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
472 B 501ms
123ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e4a746af4be65e364ef0ff9f8bd0d502628f6f6dfb1ee0829d6aacc70c7d253

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:47 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 43 KB
15 KB 28ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbac437ebe13315ccb3303a53280abc3b6dace96fb03614e0fc448227ed7ccc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "432 / 338 of 1000 / last-modified: 1582064189"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14529
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:47 GMT

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 93 KB
24 KB 181ms
20ms Script
application/javascript 13.35.253.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.24 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-24.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8ddd89b4cb82159e5df50047b0294ab10d0fd43dea2437ad1ba1705819bb8b63

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: sP0VRos9Uk3ztYHR8F7hTNfnaeDder5t
Content-Encoding: gzip
Last-Modified: Thu, 13 Feb 2020 20:10:48 GMT
Server: AmazonS3
Age: 44
Date: Wed, 19 Feb 2020 18:19:20 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA6-C1
Connection: keep-alive
X-Amz-Cf-Id: MM9TlGpV9wRnBraJ0BwEzaFSMr0PhpGhMxLJDIPay2Ylt0nflna6bA==

GET
H2 200 prebid-analytics-3.6.0.js Show response
a.pub.network/core/ 338 KB
103 KB 193ms
193ms Script
text/html 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a910d1809939ab14b9d05a15c1bc8736f2997bc39b37d576264dfa3b70c9b45

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: br
cf-cache-status: BYPASS
status: 200
x-guploader-uploadid: AEnB2Ur_k7AkFF42krbNYOIjGV-05bt9m3Uc4mFPsX0XT-tQWptxEDvmtx0lcUKjZfzbqePsPFbGxnLYid6uy8t60muGF8PNCQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Mon, 10 Feb 2020 17:48:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=NtYd2Q==, md5=QRGG5MzqUJfSkUH1MbEZLw==
content-type: text/html
x-goog-generation: 1581356889589820
cache-control: private
x-goog-stored-content-length: 346359
cf-ray: 567a404548a1d709-FRA
expires: Thu, 18 Feb 2021 18:19:47 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 51 B
498 B 483ms
126ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 6358c6ea8da1fcf2fc88c991a803c1a5f63b13247d7c546f1e3365ce17ec484d

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:47 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 30ms
29ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 19 Feb 2020 18:19:47 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 200 fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 64 KB
64 KB 73ms
28ms Font
application/octet-stream 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer: https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 09:36:00 GMT
server: cloudflare
age: 3468
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 567a4045ae5fc82f-AMS
access-control-allow-origin: *
content-length: 65452

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame DC92 0
0 105ms
105ms Document
text/html 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1582069417&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1582136387155&bpp=4&bdt=348&fdt=279&idt=279&shv=r20200213&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3394360841184&frm=20&pv=2&ga_vid=576930721.1582136387&ga_sid=1582136387&ga_hid=1286602131&ga_fc=0&iag=0&icsg=2199033749504&dssz=48&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040068%2C21065305%2C21065381%2C44714170&oid=3&pvsid=2679631808844855&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=289

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200213/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1582069417&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1582136387155&bpp=4&bdt=348&fdt=279&idt=279&shv=r20200213&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3394360841184&frm=20&pv=2&ga_vid=576930721.1582136387&ga_sid=1582136387&ga_hid=1286602131&ga_fc=0&iag=0&icsg=2199033749504&dssz=48&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040068%2C21065305%2C21065381%2C44714170&oid=3&pvsid=2679631808844855&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=289
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 Feb 2020 18:19:47 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 19-Feb-2020 18:34:47 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Wed, 19 Feb 2020 18:19:47 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200213/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c445ec7d04dbd970790138d537cbfc7a3378e1137acbc0a03f05eda28bc3d7e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582037128113531"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27669
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:47 GMT

GET
H2 200 pls Show response
core.connatix.com/ Frame 3837 8 KB
3 KB 363ms
115ms Script
text/plain 50.16.134.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://core.connatix.com/pls?callback=jQuery321033618132801328926_1582136387271&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c_v=1898_1_0_0_0&page_guid=d35bd46593a19ed2ddd71582136387451&spp=1&_=1582136387272
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.134.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-134-22.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: 240c4fc28b9a4207c2acb6cb643ffa30a815d0769ff8d08a5b5691ef2835fbef

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
server: nginx/1.15.9 (Ubuntu)
access-control-allow-origin: *

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 93 KB
17 KB 42ms
9ms XHR
application/json 2600:9000:214f:e800:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:e800:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d3b8f02aafe9fa6ddd5ed1e5adb03185180abdddccadf3c00b56315361b93600

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 13 Feb 2020 16:11:06 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 526122
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 13 Feb 2020 16:00:23 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: Afk1vjFHp_J7cdjW77gZ6Y9MGZx9a2zs
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: VhrHOzujhNBpaRy9cD4f_xC8FoDAX1yx5QJsLlo7vNXG2KUTZPyrGw==

GET
H2 200 pubads_impl_2020021101.js Show response
securepubads.g.doubleclick.net/gpt/ 167 KB
61 KB 150ms
33ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

52cb3d448ecca364f956f7936bd685d2d1828686f3639ef2b58cc43da91286d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Feb 2020 14:21:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62262
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:47 GMT

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
597 B 182ms
129ms XHR
application/json 143.204.202.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.94 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-94.fra53.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: f5c4583f-0b7d-4a36-88db-d5f6ad55fd7c
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: IKBalES2IAMFU_w=
content-length: 50
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-trace-id: Root=1-5e4d7c43-9da3bfc18695830c2277d650;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 e0064d0a2437e206ed082e1fa1cdae61.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: bHdx47UFWxjJLw4OJBUQ230rXf0TQmWRAU4y3hbKl5AMQ0v-P3maIQ==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 87 KB
25 KB 75ms
33ms Script
application/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 02:32:06 GMT
content-encoding: gzip
server: Server
age: 56860
etag: 1dcfbf3986ee8b9c3abbc67eb808ab43
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: _XCsjfydN3hUtElq_z6jxstpJ0RYgp0mVT-oOc-6-SZ1Kq6xLKU6wg==
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)

POST
H/1.1 200
OK cookie_sync Show response
prebid.pub.network/ 187 B
404 B 477ms
117ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/cookie_sync
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 0f26954e59757f573c709bcabe82328c10ea5f250fe6a48082eaea2e116bbb8f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 123
Expires: 0

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 147 B
433 B 554ms
188ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 44f1cd9c3c0f4fb19b3eb4b984bfbbe3a4a5750dbb86494d674941777a090414

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 152
Expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
122 B 130ms
93ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 730 B
1 KB 196ms
159ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

d0711d54fa0ac5d5b783bbc9d21c919a5b98bcb7154941fb068cc4321ac94f90

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.24:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a738baa8-8694-4652-91da-55b308fea077
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 40ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:47 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 67ms
21ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=4535c32c443ebbd&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 68ms
22ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=46e7e7b513493f5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 70ms
24ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=4700a2dba50c57b&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 67ms
21ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=487006b72e87547&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 67ms
22ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=uo4nuhxJikFrr3o47oeeZPL5&bidId=49254af2abdd4cd&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 67ms
22ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6f2XVeWT9HhHNo9TDFzKK7JK&bidId=508704f7a491311&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 79ms
34ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=uo4nuhxJikFrr3o47oeeZPL5&bidId=519855b67437c4f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 77ms
33ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6f2XVeWT9HhHNo9TDFzKK7JK&bidId=52ec11d5e681377&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 79ms
34ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=537ea9b815dbc33&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 66ms
22ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=uo4nuhxJikFrr3o47oeeZPL5&bidId=5444a485ac39423&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 66ms
22ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6f2XVeWT9HhHNo9TDFzKK7JK&bidId=55bdd29b0fbf774&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
997 B 421ms
372ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2256f482e61be9085%22%2C%22imp%22%3A%5B%7B%22id%22%3A%225705e41a9968863%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2258cdf34c792b909%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2259dfd2262f8a29e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2260abe467738a08%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226177dc7c07d40ed%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2262a0c7a4f9ffa31%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22633e26c7d27ae91%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2264d83b448db4d1b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2265520a1d682fda1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2266f19ba0f755783%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22676cb4939e4affe%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22681236d51e3351f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2269f395c51a2f79b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e1a5117a62e1aa056b0e776765ac8946098c16ffe9d05b18b95b4551db268ae7

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Wed, 19 Feb 2020 18:19:48 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 175 B
455 B 145ms
143ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=67c92684-1ea8-4b3e-ae35-86cb5daeb381%2Cab414e80-a94b-4f41-a7f9-240af2221e92%2C2755457e-2fab-48f0-a34d-25780af3cc4b%2C7b1e63e6-9c8e-413f-b041-ef34fa349608%2C4c1627a8-2234-44a4-8257-2bf22883bf5e%2C8725b7f9-dd9e-4b9a-88a2-fd68b2565695&nocache=1582136387692&pubcid=11b92ac2-410f-4cf3-9c17-37d91b1f05d5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&auid=540959250%2C540959250%2C540959250%2C540959250%2C540959250%2C540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash: 2ef94821b68badb60db4b00b1c736f0ba12099e5f78dc2f8d57ff8ec2bf8a50d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
content-encoding: gzip
server: OXGW/16.176.1
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
482 B 436ms
383ms XHR
application/json 3.124.120.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.120.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-120-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 89ms
43ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 567a40476a30728d-AMS
access-control-allow-headers: origin, content-type

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
447 B 88ms
42ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 567a40476a31728d-AMS
access-control-allow-headers: origin, content-type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 734 B
1 KB 69ms
36ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

5a98e8d4abe0c964c1dae382af85d802ddfe798395b79adbc949d1979ba0fdb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.236:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 673b9490-2c32-42f1-bbb6-cd8e9d4a1700
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 202ms
114ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=67c92684-1ea8-4b3e-ae35-86cb5daeb381&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8627836786461516
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 634c966cf0cdfc99a9b79f1be238884f537c57b89d4690de5d07bb01735249e1

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=318
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 206ms
118ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=ab414e80-a94b-4f41-a7f9-240af2221e92&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.904834006540326
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 7b08eb7ee4c1627e249c7fdb354a4384f99eb5f2956c2f76726ad5c9138f410d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=134
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 200ms
111ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=2755457e-2fab-48f0-a34d-25780af3cc4b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8571754545329493
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 2a0f70b7fe4be061cc5321af449fd78cdc8a07228ab5ec8589bead86e85d2669

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=369
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 206ms
117ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=7b1e63e6-9c8e-413f-b041-ef34fa349608&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9523240099796737
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: ee98dab003a387bef34ab9ad230c6093ac561bf3c2e2633be5ecca40c891fb6b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=190
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 202ms
109ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=4c1627a8-2234-44a4-8257-2bf22883bf5e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.013833423696001823
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: e271892e6254ce70eedb71b12b7d59c329c0bf691b1dd12e004df69d3c59f86b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=460
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 221ms
128ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=8725b7f9-dd9e-4b9a-88a2-fd68b2565695&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.612322380999609
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 1e6573b89edde38e020a0d7cb1460a923f50a7859c696bdcddadbaabd64d3917

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=440
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699

0
-1 B

430ms
375ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699

0
-1 B

429ms
374ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699

0
-1 B

433ms
378ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700

0
-1 B

160ms
105ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700

0
-1 B

162ms
108ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700

0
-1 B

173ms
119ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700

0
-1 B

170ms
116ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700

0
-1 B

173ms
119ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700

0
-1 B

429ms
375ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700

0
-1 B

160ms
107ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700

0
-1 B

422ms
369ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700

0
-1 B

160ms
107ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700

0
-1 B

170ms
117ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/ 171 KB
37 KB 1086ms
20ms Script
text/javascript 151.101.113.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0978a668d27c6fbfc9e04c76cab6787d16e796cb9ac6b4804e57adc61658db8d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Age: 2689
X-Cache: HIT
Connection: keep-alive
Content-Length: 37740
x-amz-id-2: u5rg53oxvfvVQfhnTOIE7ko6U/7PH3uyGgT39oWFVjbJ166bItHlrIi5YMzHTjvYXiacNuIeyI8=
X-Served-By: cache-hhn4031-HHN
Last-Modified: Wed, 19 Feb 2020 17:25:05 GMT
Server: AmazonS3
X-Timer: S1582136389.779914,VS0,VE0
ETag: "c60ef0e7def090e50b533e22d7339809"
x-amz-request-id: EA89890E400640E9
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 150

GET
H2 200 twoview_bootstrap.js Show response
embed.air.tv/v1/ 3 KB
2 KB 1335ms
110ms Script
text/javascript 18.211.96.69
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.air.tv/v1/twoview_bootstrap.js?organization=9wn109mHSreSsgNR3bI3Rw
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.96.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-96-69.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 3ba325dfc91f0fa6db4358dbe13b0a40b94270db90c18bf8cc3de37b5999a078

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:48 GMT
content-encoding: gzip
server: nginx/1.16.1
vary: Accept-Encoding
access-control-allow-methods: GET, PATCH, POST, PUT, DELETE, OPTIONS
content-type: text/javascript
status: 200
access-control-expose-headers: Authorization,Location
cache-control: max-age=0, private, no-cache
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 2 KB
2 KB 270ms
126ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 009ae022d2db00e4941781b639e62abda03208c55cd9a4cb0c16b3cb769e7427

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:47 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
986 B 325ms
26ms Script
application/x-javascript 13.35.253.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-107.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 3401
date: Wed, 19 Feb 2020 17:23:15 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: MUk-DQiiRuY-Rugv1EQZlgvrmkdR8Ax0JDw-0wiaSn7K6JYPvdwJfQ==
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
378 B 59ms
59ms XHR
text/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&pid=SFniSaD4FyzA7&cb=0&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=null&gdprl=%7B%22status%22%3A%22cmp-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: ZMq54XgChINPdyNtdCydYVelXIZf4Lo1odInCjPQdN1R_Inq_NS7Tg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 1078ms
21ms XHR
application/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 02:18:06 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 57703
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Wed, 08 Jan 2020 04:09:03 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: w7tVVms0z0EIBbNwhlQQiQqzJvvM_ygbj4i9PBlyYmtYnAM9pz3rZQ==

GET
DATA 200
OK truncated
/ 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 139 B
320 B 464ms
146ms Script
text/plain 52.54.227.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=469&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c_ivt=0&connatix_sess=3gk-jg7LziqBNo4SGJqZMwap1IVIkksttlJMEpR1wxF-6ltHuZ-Il1Z4V_vA8Svie-8VCnFazi0M9wTa7sdI4WFz8eeVXbB62gmzi79wmbL_JyS91ecHE8qU0AaE8jvruSzEyppHVilx7WeK1g1qndJylRYquAudvGUgIML-gU1C1HSYMD9bYHphviuxWH3p&notServed=false&xplr=true&c_s=false&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=0&v=1&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&c_v=1898_1_0_0_0&spp=1&callback=cnxJSONP_4d47470e264c1d7d13191582136387871
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.227.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-227-62.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: 0e6f43cdccf156427104a912ce6b54f94b4ff0c5e55b1a485e271d76da570234

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 132

GET
H2 200 395.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/ 25 KB
25 KB 32ms
24ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/395.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3e5df247c0a91ea4199dd4788c49899eb5baa010daf43ac5fb5c3ba57e107456

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 59309
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1582136388.889992,VS0,VE0
access-control-allow-origin: *
content-length: 25480
x-served-by: cache-sjc10023-SJC, cache-hhn4044-HHN

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/c9ec44c5-2ab2-4f2d-859d-c28e706de860/ 31 KB
31 KB 30ms
22ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/c9ec44c5-2ab2-4f2d-859d-c28e706de860/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8fe15fef12dc6001af0ffd0a5e0e230f2a793867fcc21c88b6aff710faabc7c8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 59309
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1582136388.889087,VS0,VE0
access-control-allow-origin: *
content-length: 31246
x-served-by: cache-sjc10045-SJC, cache-hhn4044-HHN

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/f4e964ee-c7b2-46e5-8cc9-22b584ebdecf/ 47 KB
48 KB 45ms
37ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/f4e964ee-c7b2-46e5-8cc9-22b584ebdecf/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 123f7ed23b11381696d7f037c4a30e0dec80ac5a322bc13ee6be1450e265a2f1

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 59309
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1582136388.891863,VS0,VE1
access-control-allow-origin: *
content-length: 48575
x-served-by: cache-sjc10028-SJC, cache-hhn4044-HHN

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/8eefa5c3-bfa9-49ab-981e-3871024252fb/ 35 KB
35 KB 41ms
33ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/8eefa5c3-bfa9-49ab-981e-3871024252fb/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: db90d738b170372e5d64d4eb73f3cc43af957cfef573bc4cbba9f29ceceeebd5

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 59309
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1582136388.889959,VS0,VE1
access-control-allow-origin: *
content-length: 36002
x-served-by: cache-sjc10020-SJC, cache-hhn4044-HHN

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/6ec4edbb-9fd2-4d2c-927a-1274b2a07b07/ 33 KB
33 KB 34ms
26ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/6ec4edbb-9fd2-4d2c-927a-1274b2a07b07/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3811763c19fe0e22b8cc970bffe4160a6653364a3c220fa3b6ad467c4b29d85c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 59309
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1582136388.889974,VS0,VE1
access-control-allow-origin: *
content-length: 33849
x-served-by: cache-sjc10020-SJC, cache-hhn4044-HHN

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/aa68f589-ac1d-4cb9-886b-c8ff89c52279/ 61 KB
61 KB 31ms
23ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/aa68f589-ac1d-4cb9-886b-c8ff89c52279/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 28ee9d9be5885717957a93f808998e5a98ccce77217576b72dfdbf2dd9a6f8fb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 59308
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 16
accept-ranges: bytes
x-timer: S1582136388.889969,VS0,VE0
access-control-allow-origin: *
content-length: 61980
x-served-by: cache-sjc10043-SJC, cache-hhn4044-HHN

GET
H2 200 bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 7 KB
7 KB 23ms
22ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
cf-cache-status: HIT
age: 492803
cf-polished: origFmt=png, origSize=15281
status: 200
content-disposition: inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj: imgq:85
content-length: 7156
last-modified: Wed, 07 Jan 2015 22:52:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 567a40484ec4d915-AMS
expires: Sun, 15 Mar 2020 01:26:24 GMT

GET
H2 200 0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame 3837 23 KB
23 KB 22ms
21ms Image
image/jpeg 151.101.114.217
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 19 Feb 2020 18:19:47 GMT
via: 1.1 varnish, 1.1 varnish
age: 15186606
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1582136388.914431,VS0,VE1
access-control-allow-origin: *
content-length: 23507
x-served-by: cache-sjc3139-SJC, cache-hhn4044-HHN

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 488ms
129ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e4a746af4be65e364ef0ff9f8bd0d502628f6f6dfb1ee0829d6aacc70c7d253

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:48 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2

302

ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1...

0
-1 B

105ms
105ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1...

0
-1 B

364ms
364ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1...

0
-1 B

379ms
378ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1...

0
-1 B

386ms
386ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1...

0
-1 B

377ms
377ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1...

0
-1 B

366ms
366ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1...

0
-1 B

105ms
105ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;cfp=1;rndc=1582136386;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1...

0
-1 B

109ms
108ms

XHR

152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:47 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 tag Show response
slckg-phfiv.ads.tremorhub.com/ad/ Frame 3837 119 B
462 B 485ms
308ms XHR
text/xml 2600:1f18:612b:4264:99e0:7fe3:6615:bfea
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://slckg-phfiv.ads.tremorhub.com/ad/tag?adCode=slckg-bwjaw&playerWidth=834&playerHeight=469&playerPosition=1&mediaTitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaDesc=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaId=639404&mediaUrl=&srcPageUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&contentLength=30&gdpr=1&gdpr_consent=&schain=1.0,1!connatix.com,102734,1,,,,
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:99e0:7fe3:6615:bfea Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
status: 200
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H/1.1 200
OK p
sb.scorecardresearch.com/ Frame 3837 43 B
309 B 28ms
28ms Image
image/gif 104.85.250.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1582136387911&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1582136387912&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c8=&c9=&cs_ucfr=0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.85.250.71 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-85-250-71.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:47 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 145 B
323 B 482ms
159ms Script
text/plain 52.54.227.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c_ivt=0&connatix_sess=3gk-jg7LziqBNo4SGJqZMwap1IVIkksttlJMEpR1wxF-6ltHuZ-Il1Z4V_vA8Svie-8VCnFazi0M9wTa7sdI4WFz8eeVXbB62gmzi79wmbL_JyS91ecHE8qU0AaE8jvruSzEyppHVilx7WeK1g1qndJylRYquAudvGUgIML-gU1C1HSYMD9bYHphviuxWH3p&notServed=false&xplr=true&c_s=false&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=1&v=2&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&c_v=1898_1_0_0_0&spp=1&callback=cnxJSONP_2eb60a0efa9dcda262031582136387915
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.227.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-227-62.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: f54f8d66d10d78105505d3e943182f25a13dddf41b3da86bd68e53cb7b78b00a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 135

GET
H/1.1 200
OK r
trk.connatix.com/ Frame 3837 0
162 B 687ms
109ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/r?connatix_sess=3gk-jg7LziqBNo4SGJqZMwap1IVIkksttlJMEpR1wxF-6ltHuZ-Il1Z4V_vA8Svie-8VCnFazi0M9wTa7sdI4WFz8eeVXbB62gmzi79wmbL_JyS91ecHE8qU0AaE8jvruSzEyppHVilx7WeK1g1qndJylRYquAudvGUgIML-gU1C1HSYMD9bYHphviuxWH3p&videoID=639404&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&c_v=1898_1_0_0_0&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:48 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
487 B 1341ms
22ms XHR
text/html 143.204.202.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1582136387967;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063;;;;;p,off,false,,1,en,29,189,true,false,false;displayConsentUi:mandatory,;GDPR-hbhwc3ao4sojld8l16lw
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v29/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.117 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-117.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 03:00:25 GMT
via: 1.1 1cc446ef4692d8e752b16c07f2f58a59.cloudfront.net (CloudFront)
vary: Origin
age: 55165
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: 3RRJmz2O8HMibBCazFEFZah0O23gCP39pbRQPF2hio3K1UvTv3O0Zw==

GET
H2 200 ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 606 B
737 B 187ms
186ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1A69673346-5344-11ea-a43f-1283af18fee8;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=137c026fea957344;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 8c5dcc91f3552df52e7ffb166b3664b7d92c2ea30c1034607e4ca2524996ea98

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 605 B
760 B 164ms
164ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1A6967a43e-5344-11ea-a61d-1212911483a0;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=139468911b22cccc;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: c6e7a125f2d9f74e2da4971e0759694a73dbfc0814177959f4ae7379e5d02f2a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ 605 B
736 B 444ms
443ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A6967cd7e-5344-11ea-8255-12569b584e72;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=14139788b2bc80a1;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 62673d192d373a865458bff36d8e024667d3e7c6ebf792c57e95dec5c92b884a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 605 B
736 B 163ms
162ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=144e5279dc59f809;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: cfad9109f4403206c55334e205956bbbfb7268900d7440e8f1a5a1222ba1e0d2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 606 B
737 B 195ms
195ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=135a77e8f6d86cad;misc=1582136387699
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 9347fe33d76936db0b551bfbf2b8a4d0f77e37f4a066848b8692738ac46d6adb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 606 B
737 B 188ms
188ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=1348d7cca246e765;misc=1582136387699
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: c702e8e81df3c39eae86a183d228d1bb65f7347356c58db7bc06f4bd9a3d184a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ 605 B
736 B 156ms
156ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=142ca4af0324fb68;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 744e13d0572159405f5d2ed9cef103e95e2c7b7e2d7f4e7110096886a858a616

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 605 B
736 B 171ms
171ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=136ccf48f337988a;misc=1582136387699
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ce8599e6ac44e9c37e9e9447e9e0cfef10ebfbe017f851af4117b7c87aae242c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK jquery.color-2.1.2.min.js Show response
cluster-na.cdnjquery.com/color/ 92 B
356 B 623ms
281ms Script
text/javascript 52.1.207.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1582136388165&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063%22%2C%22aa%22%3A3%2C%22pgid%22%3A%22692d0704-5344-11ea-a586-c75e6f00d9b0%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&csVersion=1.21.37&clearThroughOptions=undefined

Requested by

Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.207.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-207-152.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

696a93e45236b0d3674df0e012ed2581b36ca92473a5569d67542c94387ddf12

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
ETag: W/"5c-j2Dx+s0+o4Y7RkYvSTLgSLzvn/8"
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Charset: utf8
Connection: keep-alive
Content-Length: 84

GET
H2 200 px.gif
ad-delivery.net/ 43 B
384 B 21ms
20ms Image
image/gif 13.35.253.107
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.7823756277130247
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-107.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-amz-version-id: null
via: 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 76802
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
date: Wed, 19 Feb 2020 11:59:44 GMT
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: 6o3wFc8_isl1Hd0RPw4H3xbIVx_DLkgv8Cf0_U_Ox8waKb64B9q9DQ==

GET
H2 200 48.008759e9efe1c1b693dd.js Show response
s7.addthis.com/static/ 281 B
486 B 25ms
25ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-119"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 19 Feb 2020 18:19:48 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 246

GET
H2 200 / Show response
graph.facebook.com/ 300 B
409 B 67ms
45ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_a9vw0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9fb213a77eebf427a1830345beb8bd6821e855c32e8fdfc3c8ee335bf81edb31

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Wed, 19 Feb 2020 18:19:48 GMT, Wed, 19 Feb 2020 18:19:48 GMT
x-fb-rev: 1001729534
alt-svc: h3-24=":443"; ma=3600
content-length: 206
pragma: no-cache
x-fb-debug: 5GJpH9wjCQbZP/OXBVwHmFDjnDVfXM4Cwgj8wP6bwRMDMIOQwvCkU0A9civRuV9Lga2WYRpJ6MFrpz075FeX2w==
x-fb-trace-id: Fed620yJOPm
etag: "c65a8419592b444749ca657d5e0b20450d8efaf4"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AtF-MGNAH2OsvbKY3a3NYsl
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.12
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
669 B 183ms
136ms Script
application/javascript 151.101.13.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&jsonp=_ate.cbs.rcb_528s0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

b3ddcffbf7535d59a7af792ec9e42acec4ec3d0c37ce9541ce8355cf63a64311

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:48 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 126
x-xss-protection: 1; mode=block
x-served-by: cache-fra19151-FRA
x-moose: majestic
server: snooserv
x-timer: S1582136388.292937,VS0,VE113
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H2 200 / Show response
graph.facebook.com/ 139 B
594 B 59ms
37ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_1ml0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f669d4dcd7c10aa6dee1c64c0b7f2820e9fc678f345cbe9b5f37b65a57806f8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15552000; preload
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Wed, 19 Feb 2020 18:19:48 GMT, Wed, 19 Feb 2020 18:19:48 GMT
x-fb-rev: 1001729534
alt-svc: h3-24=":443"; ma=3600
content-length: 139
pragma: no-cache
x-fb-debug: AOG3KpGtpTs67eFvr9tlrLhtcBAX4ctV+X/LJSG0z0a/FfB/G8HaJCY0097U4E99irdxEUTxooqUTfSgDsiUPQ==
x-fb-trace-id: A1e+XuMD2BE
etag: "231fd4cf9a7ff0c62004e276ce0db962a7e52e8a"
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AaBMTGvWx3MvSc0BqARxI4f
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.12
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
259 B 173ms
150ms Script
application/javascript 151.101.13.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&jsonp=_ate.cbs.rcb_5fr90

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

96d52fe1220ce59bcb0ae8cb73f498df4d546a89cc51fb1daf48619a92852718

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:48 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 126
x-xss-protection: 1; mode=block
x-served-by: cache-fra19151-FRA
x-moose: majestic
server: snooserv
x-timer: S1582136388.292884,VS0,VE127
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H2 200 ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ 606 B
737 B 212ms
211ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698ec7f8-5344-11ea-9d82-12f0dd10f918;cfp=1;rndc=1582136387;v=2;cmd=bid;cors=yes;alias=143cda2ae7d21599;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: fcea85292584ce2fdfc3391dd6d5213a6406af0402c3b591eb8a9c744d048137

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ 606 B
737 B 200ms
200ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;apid=1A698f4e30-5344-11ea-8bbf-12380fdf0cb2;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1465870550bc7dc5;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: e3f24b56b7437da2e8c634fae74aae601398104115d1cb36252f2532e1b6a2ba

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ 605 B
736 B 159ms
158ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908336-5344-11ea-a4cd-126de4777bf4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=140ea15c9e64a24f;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 186b22e3ebcdeb9d26926340c1058d27bf5b19f0ff1b9edcbb98450d6bb5e1e2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ 606 B
737 B 226ms
225ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;apid=1A69908d0e-5344-11ea-89a8-122675b00be4;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=14538b4482062dfc;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 3998b3b5f8fb1ed7c7f2e1edc372934e62600bf2a742376d2d14a21906ff7ba6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 604 B
735 B 187ms
187ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1A6991bfb2-5344-11ea-9be9-12a08556f668;cfp=1;rndc=1582136388;v=2;cmd=bid;cors=yes;alias=1385fb9c6a6d762c;misc=1582136387700
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 308c4e6d88f04a969461e675d667aaa91743f6735b6ea0dce138fdbb7b1d3bda

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 604
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 tag Show response
slckg-phfiv.ads.tremorhub.com/ad/ Frame 3837 119 B
462 B 145ms
144ms XHR
text/xml 2600:1f18:612b:4264:99e0:7fe3:6615:bfea
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://slckg-phfiv.ads.tremorhub.com/ad/tag?adCode=slckg-nac38&playerWidth=834&playerHeight=470&playerPosition=1&mediaTitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaDesc=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaId=639404&mediaUrl=&srcPageUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&contentLength=30&gdpr=1&gdpr_consent=&schain=1.0,1!connatix.com,102734,1,,,,
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:99e0:7fe3:6615:bfea Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
status: 200
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 111 KB
16 KB 537ms
536ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2679631808844855&correlator=614378334825573&output=ldjh&impl=fifs&adsid=NT&eid=21065556%2C21062452%2C21062889%2C21065305&vrg=2020021101&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200219&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1582069417&dt=1582136388513&dlt=1582136386807&idt=845&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C8029%2C327%2C1134%2C6598%2C8535%2C1659&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&dssz=58&icsg=35184541966336&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x8536%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&ga_vid=576930721.1582136387&ga_sid=1582136387&ga_hid=1286602131&fws=4%2C4%2C4%2C4%2C4%2C4%2C516&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

a423a40202e954a79683b3ab518239dcf0e3c2e1ea6a0c786824056ba8a42deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15686
x-xss-protection: 0
google-lineitem-id: -2,-2,-1,-1,-2,4893662829,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-1,-1,-2,138254592126,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020021101.js Show response
securepubads.g.doubleclick.net/gpt/ 66 KB
24 KB 32ms
32ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js?21065556

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

2833cc2a0284a7f438e5d735cf1bbaa97f98f4303ef534e38a492f5b0b1a38f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Feb 2020 14:21:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24889
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:48 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 20ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
H/1.1 200
OK p
sb.scorecardresearch.com/ Frame 3837 43 B
309 B 28ms
28ms Image
image/gif 104.85.250.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1582136387911&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=638&ns_st_cl=30000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=638&ns_st_dpt=638&ns_st_ipt=638&ns_st_et=638&ns_st_det=638&ns_st_upc=638&ns_st_dupc=638&ns_st_iupc=638&ns_st_upa=638&ns_st_dupa=638&ns_st_iupa=638&ns_st_lpc=638&ns_st_dlpc=638&ns_st_lpa=638&ns_st_dlpa=638&ns_st_pa=638&ns_ts=1582136388550&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c8=&c9=&cs_ucfr=0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.85.250.71 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-85-250-71.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:48 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 tag Show response
slckg-phfiv.ads.tremorhub.com/ad/ Frame 3837 119 B
462 B 175ms
175ms XHR
text/xml 2600:1f18:612b:4264:99e0:7fe3:6615:bfea
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://slckg-phfiv.ads.tremorhub.com/ad/tag?adCode=slckg-wc2tk&playerWidth=834&playerHeight=470&playerPosition=1&mediaTitle=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaDesc=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&mediaId=639404&mediaUrl=&srcPageUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&contentLength=30&gdpr=1&gdpr_consent=&schain=1.0,1!connatix.com,102734,1,,,,
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:99e0:7fe3:6615:bfea Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:48 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
status: 200
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
2 KB 145ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 989bddac66b3270aa14cbc389e8c7868f11c483b98e54ee5d6a8c892a07fd8ad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 907

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gpt/202002111741/ 94 KB
32 KB 21ms
21ms Script
application/javascript 151.101.113.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5cc925a803eea0cf13c9dbc56a885d897a93429a7982412fd0bac3653e36936d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Age: 280
X-Cache: HIT
Connection: keep-alive
Content-Length: 32593
x-amz-id-2: fk17vI3G+bl9jendp357Qd+Jp4QCnTaPHmc7smsQE3UWHRkg7CE5IeNZ/cBAw2GamnjTTMTQg6k=
X-Served-By: cache-hhn4031-HHN
Last-Modified: Thu, 13 Feb 2020 21:03:49 GMT
Server: AmazonS3
X-Timer: S1582136389.828121,VS0,VE0
ETag: "cac43688d7889ff31926c5bf63262683"
x-amz-request-id: 552F12698A03D2F9
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 246

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/202002111741/ 37 KB
14 KB 48ms
19ms Script
application/javascript 151.101.113.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/202002111741/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54a5f6b6e229bcae1a84f6c08614287d0770c96b7d2cfeffe9da6c6c90df2364

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 19 Feb 2020 18:19:48 GMT
Content-Encoding: gzip
Age: 288
X-Cache: HIT
Connection: keep-alive
Content-Length: 13451
x-amz-id-2: DfNMQr58CcxGDUNJNSyuQpv41D2teSZefFkA7I7IhsocDLEp985rdhWuMa5+LmtaYM3yYBwnaMg=
X-Served-By: cache-hhn4031-HHN
Last-Modified: Thu, 13 Feb 2020 21:03:50 GMT
Server: AmazonS3
X-Timer: S1582136389.855087,VS0,VE0
ETag: "c719a162b103ae2c7d189335197ab2f8"
x-amz-request-id: BC333502F8299EE5
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1057

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 4911 421 KB
94 KB 124ms
42ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:48 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136388.dop001.wa1.t,1582136388.cds002.wa1.hn,1582136388.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144758
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 twoview-1.0.js Show response
cdn-sp-s3.air.tv/airtv.js/v/2020-02-07_17-20-20/ 336 KB
78 KB 122ms
40ms Script
application/javascript 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-sp-s3.air.tv/airtv.js/v/2020-02-07_17-20-20/twoview-1.0.js
Requested by: Host: embed.air.tv
URL: https://embed.air.tv/v1/twoview_bootstrap.js?organization=9wn109mHSreSsgNR3bI3Rw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c2b205bc9795a985bcb724634de579ea1e0a4fb886fd0a8e795c127341115153

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
last-modified: Sat, 08 Feb 2020 01:21:43 GMT
server: AmazonS3
x-amz-request-id: C48FB416B574B598
etag: "a2e809e84e9c922e2abb065a6c0d3449"
x-hw: 1582136389.cds002.wa1.hn,1582136389.cds005.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=31556926
accept-ranges: bytes
access-control-allow-origin: *
content-length: 79364
x-amz-id-2: Kra7+G786bCpwjP1VEZSqkAhkC0+lD3rcMWLrgIEOq2NH7ALs7yPibhAZnZH23s/N9b6nBshTeE=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 4911 29 KB
8 KB 76ms
18ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497703
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4911 159 B
1015 B 21ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

410eac8d74c8e3b1f054a5f82514c8b654b0263eabcf95a801b856899dfac9b4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80
AN-X-Request-Uuid: bc3fedb3-f152-4a4e-afc4-ed5018bcb499
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 159
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 4911 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 4911 44 B
671 B 352ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22664c55b9%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=664c55b9-c0b6-4846-92be-ba7288cddb16&pv=664c55b9-c0b6-4846-92be-ba7288cddb16&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

69d6be8ea3ed63e26b60ba72b3fb686af47e1a91f94a2c18b79f40feae98153e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4911 160 B
1017 B 18ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

3e28be919e0b2fda30eead30e124ad16a157e995da4bc4ab2523da84670d8f78

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.141:80
AN-X-Request-Uuid: ed943f98-1cd6-4c9d-b783-6f6de3650699
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
377 B 57ms
57ms XHR
text/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&pid=S9RkUAzxTfE7y&cb=1&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=null&gdprl=%7B%22status%22%3A%22cmp-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: Ejb5N1k9UU35DgNFW3b7GdUcWmMIgme4tI9b-4CuR9YY5imhRBzZ_Q==

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 148 B
433 B 241ms
241ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 5a1b32fb7f961ce3e67112121c149aa1bdb06e1ede8c7cfa84a952f3662055f1

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 152
Expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 61ms
52ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

11e878bf8373be99244aac6611efbdc52f8377001e2a4729f5065fddfe4db0ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.185:80
AN-X-Request-Uuid: 859fdea4-3c26-405b-ad7b-9b6872ab59d5
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 22ms
21ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=155c194aaf692f62&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 22ms
22ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=1561848bca8402a7&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 13ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 69ms
60ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

48315b5f67940547ef1013c306f32b8798d18bcac1b3b2e9136abd6916ea82a4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.41:80
AN-X-Request-Uuid: 4c53be0c-d11d-4b9a-9ae5-93f027f152ec
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 47ms
47ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
167 B 38ms
38ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 567a404fe9a3728d-AMS
access-control-allow-headers: origin, content-type

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 175 B
366 B 210ms
210ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=f0c36b27-4d12-4b64-bfc5-4b9df22bad7d&nocache=1582136389101&pubcid=11b92ac2-410f-4cf3-9c17-37d91b1f05d5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash: 0647aa5d7bbc26ee295f875f2f1376fb16b1eaf66b23b0c9b182278e9de15792

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
server: OXGW/16.176.1
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=184fc6839a3220e4;misc=1582136389101; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 605 B
736 B 207ms
206ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=184fc6839a3220e4;misc=1582136389101;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 1c4873b593123dd28e54138604b6b9edb204062fb033b836c82228226580ec66

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=1851393813a7835;misc=1582136389101; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 605 B
736 B 178ms
178ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1851393813a7835;misc=1582136389101;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: a1060ccd00ac1a331996599f103841cf20abcbbdf1e2872273459c035f1a65c4

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=18695d1baf454eb2;misc=1582136389101; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 606 B
760 B 174ms
174ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=18695d1baf454eb2;misc=1582136389101;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 01a44b6f480599d907e3aa5be13c171ad17ba714af3c79ba0f27d5a45cff0a77

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
1 KB 169ms
169ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2217382e84d16a0ed8%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221748c4aadfa97203%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22175ba9fb3687aa9e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221764606c2e1a78e6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 863546a1d85087063b9e40f29e04d8d27a82ad784733eea300c6ffaf4f45564e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Wed, 19 Feb 2020 18:19:49 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
546 B 175ms
175ms XHR
application/json 3.124.120.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.120.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-120-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
x-auction-status: 12, 12, 12, 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
1 KB 109ms
109ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=f0c36b27-4d12-4b64-bfc5-4b9df22bad7d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5401850994893125
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 2adbba94155c76a5fa673f875a0dda77ea4745012fcac7f3e89147f7f664b70f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=467
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
378 B 52ms
52ms XHR
text/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&pid=QfxTkdYnXu9XM&cb=2&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=null&gdprl=%7B%22status%22%3A%22cmp-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: DKcLGiJwootKQF9iDnLIOEWuXfTTQUNdle3TGAybCvhkP5VzDWkjDQ==

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ 20 KB
7 KB 49ms
23ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13339
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07f1c9366dde68a2"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:30 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame 13CE 201 KB
55 KB 49ms
26ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13337
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55761
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42fd90c4a26735e9"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:32 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 13CE 15 KB
6 KB 45ms
23ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-ad-exit-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13335
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5593
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa7eb294edd014c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:34 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 13CE 91 KB
27 KB 42ms
20ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-analytics-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13343
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27995
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "36e3f5a5b317a234"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:26 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 13CE 3 KB
1 KB 44ms
22ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-fit-text-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13343
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1fa9dc6a9a4f200a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:26 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 13CE 46 KB
15 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-form-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13335
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "111f1ad9a076d4e5"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:34 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 13CE 5 KB
764 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 19 Feb 2020 18:19:49 GMT
server: ESF
date: Wed, 19 Feb 2020 18:19:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 13CE 5 KB
718 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 19 Feb 2020 18:19:49 GMT
server: ESF
date: Wed, 19 Feb 2020 18:19:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
DATA 200
OK truncated
/ Frame 13CE 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee57bafd312f2b764b2692fb483954dab38811fc14d58c896761ae1a008c4c61

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2225613035339725144/ Frame 13CE 8 KB
8 KB 9ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2225613035339725144/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qmYL52MHSGOooQmoPq9f4bJbh8U0A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6614eac161305e6201210710c158426c3b2ea6a4ef2c7da7fde5d236d10d0639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 14:21:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2019 17:26:36 GMT
server: sffe
age: 1396699
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7783
x-xss-protection: 0
expires: Tue, 02 Feb 2021 14:21:30 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13256797330833292739/ Frame 13CE 8 KB
8 KB 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13256797330833292739/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qmAyS_2N6i6WVRJrhVZWLJKSmNoHw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 30 Jan 2020 08:20:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 17:36:44 GMT
server: sffe
age: 1763960
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8473
x-xss-protection: 0
expires: Fri, 29 Jan 2021 08:20:29 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 13CE 0
0 37ms
36ms Image
text/html 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CvULwRHxNXo7bJdWBgQfM5IOwDK7W1YdajZXfhrAKwaGPlQEQASDa18U5YLnovoDUAaABj5SzlwPIAQbgAgCoAwHIAwqqBLUDT9A8uaVg7QKG2teygkkLqQLAtHoUx_n5R1p2p-34KqZDMLnFt826Zf270dHrv0GaQp7M30-iVySZ5Nh8P2vladlVQVLFh9dWCi0F9njb0NahZNmUBETx9vMyKHZqnRq8p_PWt8iJcLwWqRkET6vXJuUUyi9hHdc1FmPFU2wTLtaWb-jXoB0PPJP9CjehzToDRdQvK0oUZJKK49TDlB1iIERMWaumyG8cqbdhsTmx4KzGHNguTPIkN2j_-qvkOg7W4vATQWMoZb8zFjLYncUJ8Z6ynh0VCTgVPS-o33zD1-yBIjLCKc4cFo2rlTwu8MDdybPBnazM-d0BTPiE4v8WYca315v22oBdB6It2f4aG2ratImysR8JMoyltpvy6duMXSq0G-T9kO_5Zx31Z99x-mDjx5TIF13cm-t13_crrvvWgkD_f25bl0WUS9STey7x8y5VX-oQAnIvrImS99g4HfqFWYH7VsRwwQxcKkrieYMzh_cGzR8O1PNsaUh1auXctfnHyTbi6nOePYp7byyjFIVDp2XdGqaZ2MY54vQOhWjWKIlk1qIGgpyUNh_zDvONyZ7XxPHABLvCzaG0AuAEAZIFBAgEGAGSBQQIBRgEoAY3gAfZ68xoqAeOzhuoB9XJG6gHk9gbqAe6BqgH8tkbqAemvhuoB-zVG9gHAfIHBBD_ngjSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPICwHYEwKIFAM&sigh=6pfjxIpdCWA&template_id=492&tpd=AGWhJmtja5GuQEGaHbw0YADJrWbo3ccXxVc8A1qCHnSAFGPmwA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s14-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 13CE 0
0 15ms
13ms Image
text/html 2a00:1450:4001:820::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSsuvcKCOZj5tHoLUe0pr6vmtDB94G5oFslR4DmSbOMD9DaMuJ_OK4LcqzpMAaHaBZm1W7mD1CTWoxHQCz8ppuefiFRJw
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 13CE 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 23:33:45 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 67564
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 19 Feb 2020 23:33:45 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 13CE 295 B
522 B 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 73588
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 19 Feb 2020 21:53:21 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame 3867 201 KB
55 KB 28ms
24ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13337
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55761
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42fd90c4a26735e9"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:32 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 3867 15 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-ad-exit-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13335
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5593
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa7eb294edd014c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:34 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 3867 91 KB
27 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-analytics-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13343
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27995
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "36e3f5a5b317a234"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:26 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 3867 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-fit-text-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13343
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1fa9dc6a9a4f200a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:26 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame 3867 46 KB
15 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-form-0.1.js

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 13335
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Wed, 19 Feb 2020 14:37:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "111f1ad9a076d4e5"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Feb 2021 14:37:34 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3867 5 KB
718 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 19 Feb 2020 18:19:49 GMT
server: ESF
date: Wed, 19 Feb 2020 18:19:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3867 5 KB
718 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 19 Feb 2020 18:19:49 GMT
server: ESF
date: Wed, 19 Feb 2020 18:19:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2225613035339725144/ Frame 3867 8 KB
8 KB 6ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6614eac161305e6201210710c158426c3b2ea6a4ef2c7da7fde5d236d10d0639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 14:21:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2019 17:26:36 GMT
server: sffe
age: 1396699
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7783
x-xss-protection: 0
expires: Tue, 02 Feb 2021 14:21:30 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13256797330833292739/ Frame 3867 8 KB
8 KB 7ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 30 Jan 2020 08:20:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 17:36:44 GMT
server: sffe
age: 1763960
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8473
x-xss-protection: 0
expires: Fri, 29 Jan 2021 08:20:29 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3867 2 KB
3 KB 7ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 23:33:45 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 67564
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 19 Feb 2020 23:33:45 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3867 295 B
355 B 8ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202002111741/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 73588
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 19 Feb 2020 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame 3867 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe8a3085da8e29286d2cbcae22b88c63fd2cc03ac6e33cadafba75cf15303745

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1E59 0
0 34ms
34ms Fetch
image/gif 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjuNtWux7aFEMN278S_L2SIKNCSfRHbAty31-E8pvPzIuivAIxOANGONFd-FfEOQuIMNBRTa7FRpnHOx1hY83VLWH_L6G3E1myVX83cAXrQCu-Ieg51cbAIvfnmtHJDFUA0MqmW2WBnx2z-5G1aa6c1RkKjBwVWOqxKsPUDd1MuS3Ki8PSPSCBfxHN3P9Q6HNCYBgaDW-Z5ceOlpNYR_jHUebFupGpyVUX_RKcC2BeIdDwAMLe7MA-E5wfmHLRryEXDPUcJp2SKT6a0-awFTJjKk-_hZDmS_Q3&sig=Cg0ArKJSzOgMdBj2YPRwEAE&urlfix=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Wed, 19 Feb 2020 18:19:49 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E59 71 KB
27 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b39b449a17045f6bb5867d270cf44ff0a063b377ecdb8e97d253a4241c0a291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582037128113531"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27374
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
378 B 72ms
72ms XHR
text/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&pid=X7M9K4EgDEvez&cb=3&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=null&gdprl=%7B%22status%22%3A%22cmp-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: BKpQ7Jpx3kDZUQ_Vk_XyQeaEQ5f-OoQwzUeEKO3mReY-efhIY8-Mdw==

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 147 B
434 B 205ms
205ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 31912aca99b5579054147210fd553d615cf7869d977ce990a735b8826f22d828

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 153
Expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 103ms
103ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=0c19ef73-5eca-4298-a424-9719c3c90b2a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.49007982851477205
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: fd507b0b8a80a4b3bfd5a80937e47d103ac5c96b254ef0f2629278225c074009

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=145
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 107ms
106ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

c5eb88d7bf8b356ab9267ff84ea84380f14f10dadce7cea5362890fb47aa7fc7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.69:80
AN-X-Request-Uuid: 7d04ccef-3672-46cd-a95e-675c20cf3675
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
498 B 26ms
26ms XHR
application/json 3.124.120.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.120.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-120-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
x-auction-status: 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
1 KB 148ms
78ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2223556a6236b272c4%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2223614da4a6968f5d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f89b872b09eb62a3605c4beb314af7466ff5744817464229ba4dc54a35ccb025

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Wed, 19 Feb 2020 18:19:49 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 67ms
66ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 567a40507a3c728d-AMS
access-control-allow-headers: origin, content-type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 37ms
36ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b8bd6b641e48a4967dfe5ebcf0509aa6bb54b8b68cf99e6dcef36247158efc18

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.87:80
AN-X-Request-Uuid: f9097043-c7e5-4f47-9271-3da0fa71f6c8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=251f41b01880a642;misc=1582136389184; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 605 B
736 B 164ms
164ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=251f41b01880a642;misc=1582136389184;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 636d6a41159082854f368156ad3f01978f76f7d7f79646dd5ac953836b14f09a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
371 B 113ms
111ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=0c19ef73-5eca-4298-a424-9719c3c90b2a&nocache=1582136389184&pubcid=11b92ac2-410f-4cf3-9c17-37d91b1f05d5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90&divIds=bleepingcomputer_728x90_320x50_InContent_1&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash: 17f5ebc24acc5651e3909e11d3357fa414e5f0397a6acf8cf0460071cc448479

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
server: OXGW/16.176.1
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 27ms
24ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=248b99c8af31cdde&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 42ms
40ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
377 B 64ms
62ms XHR
text/javascript 143.204.201.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&pid=xV0BbOgUDFFgi&cb=4&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=null&gdprl=%7B%22status%22%3A%22cmp-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: t0UT5mCcQ-mEvpiEE0ZJO_h3cuw-8ydrOVXZO2x8HgAGJEAdsc1tHQ==

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3867 0
0 41ms
38ms Image
text/html 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqSzNRHxNXu3cJdWBgQfM5IOwDK7W1YdajZXfhrAKwaGPlQEQASDa18U5YLnovoDUAaABj5SzlwPIAQbgAgCoAwHIAwqqBLUDT9ApPlksv7D6SBnngT0sFKKih3eI4YH0JuqaxPEchvev1P4vLftR1Oa-nyXOtzb24cKorM5Lubq4izvQuyiMLRlhLRDDn2lDZRjL6LwhjJYc09emcdFw7LWyVi21QI2-vzuh9l342jjL-Gs5VTTvZq7uN1QF5TY_wl8CJnnj9-TH72RynYxTVtHCgjBQcj4feAzCnla4hFhNoBSppZcUr7V2ci-mdOzT00dcOkCpX30o5aoAwAeMyauWlM-yd-4OF47FpZJhWBUWljmUtGpQG9rwdppMpo5UVys_c1y3kVKOtJRPD5PQQ57IvnRYxqoCZ6_gnr3bRK2FYien5ej3uWvG2AX6eVfMOomCg7VHol8Vulf1Ax3cX61Hl0jO8myJ5Kmkviat72uatMSvXA4qRat2zpUaUj2W6ovzUl77mQMbmCO2BSzfyk4oTMmG959EefObcGs36vs_-7QeRMvpEHbsksxfiiBkS5PlSJE3fvx-t5oyKKzRu5-LMZ0ldGx-IBXTVStlnj9tyyxrQs9O2p_xirCe-wHdHRgmsNzICuNsetYtcf2bRUMbmv9aZR7yGL1Lh9XABLvCzaG0AuAEAZIFBAgEGAGSBQQIBRgEoAY3gAfZ68xoqAeOzhuoB9XJG6gHk9gbqAe6BqgH8tkbqAemvhuoB-zVG9gHAfIHBBDhqALSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPICwHYEwKIFAM&sigh=InyeLm6rt_I&template_id=492&tpd=AGWhJmt3RxSslSG_h4VP4fJbSqTKx_btGskVsQzUo4NY4KNzGw
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s14-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3867 0
0 16ms
12ms Image
text/html 2a00:1450:4001:820::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSSh9qVv9RFAGj3n7a53q6onskmI7YH-0AHcBIjolmDs8hRlP63x20FBT-JFQSPmx7Pk95-z8_iUiZSE8YxRP5S6AiDlg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 13CE 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 19:10:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2329758
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 22 Jan 2021 19:10:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 13CE 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 31 Jan 2020 23:33:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1622770
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Sat, 30 Jan 2021 23:33:39 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 3867 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Jan 2020 19:10:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2329758
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 22 Jan 2021 19:10:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 3867 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 31 Jan 2020 23:33:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 1622770
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Sat, 30 Jan 2021 23:33:39 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 41ms
25ms Script
application/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: cdn-sp-s3.air.tv
URL: https://cdn-sp-s3.air.tv/airtv.js/v/2020-02-07_17-20-20/twoview-1.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

2c0884853dc57e0e429d1bec631837b0f356b5806e913f00dd2828b3f88b3b6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 147 B
433 B 178ms
178ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 7d3aa84684a6ee8b4f5e58f8130a0ceba56ac7457e38bc016a20fcd599c61638

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 152
Expires: 0

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
874 B 94ms
94ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22192f06c378e0aaf6%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22193fd7d66c480bde%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2219490ba8d3b57b58%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221953ada86ae3ab72%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 044d1cdd7d3b51de955645235d35dbece94a16d56d3b34b98cfc5387af38a534

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=2862c6a4ee459cb6;misc=1582136389350; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 605 B
736 B 175ms
174ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=2862c6a4ee459cb6;misc=1582136389350;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: a7e97fe8585caa7d9aa1290b6691913ae46e11cbc238b3d842bc483c1648b3c8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=2875f027ec65dbe9;misc=1582136389350; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 606 B
737 B 201ms
200ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=2875f027ec65dbe9;misc=1582136389350;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: c0646e2585b5f3d0af31352fb81fc58d51f7a996d04b1ac6d8ff0fff79946e09

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=28818841cd7d82aa;misc=1582136389350; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 606 B
737 B 153ms
153ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=28818841cd7d82aa;misc=1582136389350;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: cce87f6d90c5ac3996c4807c524fb75ca6ff63d5eef416084424d272f268353b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 53ms
53ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 567a40517b61728d-AMS
access-control-allow-headers: origin, content-type

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
367 B 97ms
97ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=e038195e-7ad2-490c-a345-a53aecd6b1e7&nocache=1582136389351&pubcid=11b92ac2-410f-4cf3-9c17-37d91b1f05d5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash: 789497d06f53a6aa96cf981ee0e736ea376931749d9b803603faeec638ea5962

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
server: OXGW/16.176.1
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
1 KB 106ms
106ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=e038195e-7ad2-490c-a345-a53aecd6b1e7&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9912870797611264
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 43071adbb33b30e7eaa7129745027e227d9483afe267d73b865756bb19d5578c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=429
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 50ms
50ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 36ms
36ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

5edac1b24c735b62fa26680ef34c95dfa4c155c0f36889013b691399e498ae0d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.135:80
AN-X-Request-Uuid: edd6c09b-6e53-4a66-815c-99a3d728bc29
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 26ms
26ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=213592e96b2cc371&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 25ms
25ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=214cedc284068fce&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
546 B 27ms
27ms XHR
application/json 3.124.120.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.120.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-120-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
x-auction-status: 12, 12, 12, 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 33ms
33ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

829ffa3929f94c38d2fe5c8772153a5293e343467e2437a2b6033d626ccb70a6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.49:80
AN-X-Request-Uuid: 1a4b674c-e77a-4ce6-9b92-6e2be1943eb9
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3867
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

42ms
41ms

Image
text/html

2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Wed, 19 Feb 2020 18:19:49 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
239 B 205ms
205ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

a2a76c20abfc7b8b7082b366e91dca907e740d9ebd33e2fc2da9e02ac8b8125d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 150
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 13CE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
39ms

Image
text/html

2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Wed, 19 Feb 2020 18:19:49 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 128ms
128ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: d7087df0ce71e001e7322e421c9b676df05f74ab8f5e19762988289a094b68d9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:49 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 335 B
225 B 322ms
322ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e81e5e66998f1c13eb234f06c4f6e8899742fae9004e0edaba262eb83fef817e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 147
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2225613035339725144/ Frame 3867 8 KB
8 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6614eac161305e6201210710c158426c3b2ea6a4ef2c7da7fde5d236d10d0639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 14:21:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2019 17:26:36 GMT
server: sffe
age: 1396699
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7783
x-xss-protection: 0
expires: Tue, 02 Feb 2021 14:21:30 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13256797330833292739/ Frame 3867 8 KB
8 KB 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 30 Jan 2020 08:20:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 17:36:44 GMT
server: sffe
age: 1763960
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8473
x-xss-protection: 0
expires: Fri, 29 Jan 2021 08:20:29 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3867 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 23:33:45 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 67564
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 19 Feb 2020 23:33:45 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3867 295 B
355 B 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 73588
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 19 Feb 2020 21:53:21 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflYl14TA/ 27 KB
10 KB 67ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflYl14TA/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60111948f7ff6c6621b9183616896e465889d75bad2c797ad267aa2feedc3efa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 07:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39581
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10243
x-xss-protection: 0
last-modified: Sat, 15 Feb 2020 00:53:13 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Thu, 27 Feb 2020 07:20:08 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2225613035339725144/ Frame 13CE 8 KB
8 KB 8ms
8ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6614eac161305e6201210710c158426c3b2ea6a4ef2c7da7fde5d236d10d0639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 14:21:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2019 17:26:36 GMT
server: sffe
age: 1396699
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7783
x-xss-protection: 0
expires: Tue, 02 Feb 2021 14:21:30 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13256797330833292739/ Frame 13CE 8 KB
8 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 30 Jan 2020 08:20:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 17:36:44 GMT
server: sffe
age: 1763960
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8473
x-xss-protection: 0
expires: Fri, 29 Jan 2021 08:20:29 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 13CE 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 23:33:45 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 67564
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 19 Feb 2020 23:33:45 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 13CE 295 B
355 B 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 18 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 73588
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 19 Feb 2020 21:53:21 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 4911 20 B
320 B 186ms
68ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=664c55b9-c0b6-4846-92be-ba7288cddb16-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 31ms
20ms XHR
application/json 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200213&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200213/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ea5af104f49606e74ce1fbf5801badb27acb27c52e368df7a84ce567f7540e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5208
x-xss-protection: 0

POST
H/1.1 200
OK auction Show response
prebid.pub.network/openrtb2/ 148 B
434 B 237ms
237ms XHR
application/json 35.226.134.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.pub.network/openrtb2/auction
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.226.134.247 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.134.226.35.bc.googleusercontent.com
Software: /
Resource Hash: a1e9434f8fd9571b980e6beb487d4366899764501a8e36d6786b10dcc3bac3dd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
content-encoding: gzip
Content-Type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 153
Expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 73ms
73ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
874 B 75ms
75ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22262c68088758d8dc%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2226396971f146ca3f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%222647818d8501ece3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 96ffec3c86050fe30342653e5195bc3a3d985792a69e4bbb9a32d6fcf12ce1c1

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 22ms
21ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=uo4nuhxJikFrr3o47oeeZPL5&bidId=26699135a8019e9d&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 24ms
23ms XHR
text/plain 18.197.234.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=6f2XVeWT9HhHNo9TDFzKK7JK&bidId=267d0f465d1c073c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.234.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-234-227.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 19 Feb 2020 18:19:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 47ms
47ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

47681c288066e7250f9c256dfb6d431e1985c6dded89eef186fe30b3ed4bc219

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.71:80
AN-X-Request-Uuid: c84a55fe-4ebd-46b5-b355-9f52ebc75fc1
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 40ms
40ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 567a40527c6a728d-AMS
access-control-allow-headers: origin, content-type

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 175 B
367 B 211ms
211ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=bf526be4-525a-458f-a34b-9558d8ec6c7d&nocache=1582136389508&pubcid=11b92ac2-410f-4cf3-9c17-37d91b1f05d5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=300x250%2C300x600&divIds=bleepingcomputer_300x250_300x600_160x600_Right_3&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash: 27fe70320b1d1016578bc96203633d5afbc9d294eb9b4872b84c436e98a1cee2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
server: OXGW/16.176.1
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=289d75e3a6d3ead7;misc=1582136389509; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ 606 B
737 B 161ms
160ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185823/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=289d75e3a6d3ead7;misc=1582136389509;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: b4ca3306002fdea20ea5beed011f36e76ea935ac16099a64ad9de314203d9420

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=290b126d96681c8d;misc=1582136389509; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ 605 B
736 B 206ms
206ms XHR
application/json 152.199.22.24
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185820/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=290b126d96681c8d;misc=1582136389509;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.24 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 31d2017db886adbf0907c1b87399c16c9249cbc2a4878a7a1d424767d6aa9196

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 30ms
30ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

d3ebec5a8d8533c78a180976aae60b1c8ec9905f04e1cff4e2fde894eb054b2e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.137:80
AN-X-Request-Uuid: 3647d427-4ecd-4dce-991f-c430bdf547ff
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
1 KB 106ms
106ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&tk_flint=pbjs_lite_v3.6.0&x_source.tid=bf526be4-525a-458f-a34b-9558d8ec6c7d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9023932821509042
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: eaaba2b310c57592f2004b09fc5d6a32a7b6c49f2576937078e68210384cdad6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:49 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=95
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
546 B 27ms
26ms XHR
application/json 3.124.120.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.120.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-120-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
x-auction-status: 12, 12, 12, 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 21 KB
8 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200213/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1580338855439378"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
expires: Wed, 19 Feb 2020 18:19:49 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame 0864 0
0 8ms
7ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/206/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4624
date: Wed, 19 Feb 2020 17:39:18 GMT
expires: Thu, 18 Feb 2021 17:39:18 GMT
last-modified: Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2431
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
224 B 551ms
551ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

f9d4509685a6b30c3a126508fca5f73213e6005e643ce22a2d8280996e03e7a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 150
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 4911 0
217 B 190ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=664c55b9&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:49 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
123 B 14ms
14ms Image
image/gif 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gda_r20200213&jk=2679631808844855&bg=!jY6ljpZYyyuKzbNaOR0CAAAAMVIAAAAKmQFkR3NcjIeieFcpv-H6khS_qwCzQKVNU9XIYvSI_RhNbeQhkKdmAO3XtFKiqAg_970pLpAk09rLzHd28W9YxGINALGgvbxthLa2RQQRK6GOeSBAQBGeirbVFGrgJfk0xYVfWj2Fk9dvwEjiXzdRgb4Y_vLWVwmGCnwO56vG14s-dcJfkAdQqDpwpHBgsgDeLZrGNglpwW6fPNB8xy9e35VxNG4xKwJq5whDIIPz83cfIb1FT8eXXyirYZyKGB7zQ3Zy1B8qYAXGYEF5HSIsq-c_4mj5z4UcpaxhQ2oBTkKkx2F4P1xCKa6ql-CF4_dHCNT8Pr4aUx85FbcJsJFtyPQtr41CaDosozkwfUOPynjoMPMCZB63Cz7u7uM-U3Dy0RovPy9ILwQv8Z_2clJx_tE_DOImiTunjWUvwCrxIIOwlmq6B375QK_Eh9OVz8XlMcOkJYLJpyhf_Hl-atsKDim5LBiSw8U

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
232 B 511ms
511ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

02c7717f1a73910920519a4ea63ff43dd4413989ddb3fdf879862c18de4f8f49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 19 Feb 2020 18:19:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
38ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bc9beab5890f65386d7f1aeddfbb9c9144fa79c09da7afda82cce10326c76467

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 936

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 121ms
120ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: d7087df0ce71e001e7322e421c9b676df05f74ab8f5e19762988289a094b68d9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:49 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame B0F2 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:49 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136389.dop001.wa1.t,1582136389.cds002.wa1.hn,1582136389.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144757
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame B0F2 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497703
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B0F2 160 B
1017 B 20ms
19ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e43939dee38241caf8e3d3c0a448c4727f9fb14bc0ebab4b206a5c9bbe6beb6d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.230:80
AN-X-Request-Uuid: 498baa51-5eb3-4382-972c-27772a77c14f
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame B0F2 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:49 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame B0F2 44 B
606 B 58ms
58ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%223fa8cfb9%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=3fa8cfb9-5557-4799-8f57-376d0a80bf6e&pv=3fa8cfb9-5557-4799-8f57-376d0a80bf6e&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b013b37458bfa64631962f01483797b25b0310ca023d6431f4f894a28b6372a4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B0F2 160 B
1016 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8dca189ac940b080a649201268fbf92d8c3801bba049ddb319d9a24ff8656708

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.43:80
AN-X-Request-Uuid: 9c02ef6a-9475-49f5-810c-58457fe8b7a4
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame B0F2 20 B
320 B 65ms
65ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=3fa8cfb9-5557-4799-8f57-376d0a80bf6e-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame B0F2 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=3fa8cfb9&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:50 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 37ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c91462cbf9d333da32ddd60f8ee59c6c22d6b84960ee50e8fd5896756c13b992

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 906

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame DF14 421 KB
94 KB 55ms
54ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:50 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136390.dop001.wa1.t,1582136390.cds002.wa1.hn,1582136390.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144756
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame DF14 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497704
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DF14 160 B
1016 B 45ms
44ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

dd4da4423cb55a185907f82557e5df93047f760abd833dcf65b0f7f4eb1533e2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.74:80
AN-X-Request-Uuid: 0b248bc7-c4e4-4f8c-9791-8c6acb7a2065
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame DF14 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame DF14 44 B
606 B 82ms
81ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22404e77b8%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=404e77b8-a714-4fff-837d-cb96a31fa07c&pv=404e77b8-a714-4fff-837d-cb96a31fa07c&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

81820f1da3e942d6ec0034aa42e3e417c15dc787e44e14184ad48d6820374228

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DF14 160 B
1016 B 19ms
19ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

12008ace25713a76a246a9d2fb94db900d05f09e791d19bfcb0eb925494b34f2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.56:80
AN-X-Request-Uuid: 79936f27-707e-45c3-aa23-8dff23e6a587
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame DF14 20 B
320 B 65ms
64ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=404e77b8-a714-4fff-837d-cb96a31fa07c-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 117ms
116ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: d7087df0ce71e001e7322e421c9b676df05f74ab8f5e19762988289a094b68d9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:50 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame DF14 0
217 B 38ms
38ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=404e77b8&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:50 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 13CE 42 B
115 B 37ms
37ms Image
image/gif 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstj6Vq-AqDJ8-NI7hM1IULOxCL1H7SUBaO8ETAY_yfOOjdZZ0PfX_qRQFVGgCe4efFit4QVLLz7RHLY-LfXHWjGMs8yAkOPlyn-KYCoWez_16zYsWSIEcJMJaqYGg&sai=AMfl-YSdf4noenHVP4lUDki-vQsBOV4argBcKOYr3UrlCiVMwYDAtlU-0gl31m27ofpeQuqbT_bJk67iaVhjGLw0MkRGUbQj0MAKb876CET-XjmekwBPUy_IPq6xXkc&sig=Cg0ArKJSzGMDa-qb6e-zEAE&cid=CAASF-RoG2kMnWLTIPS-DP_IxggBH3AQfpu8&id=ampim&o=1082,327&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=124&tls=1124&g=100&h=100&tt=1124&r=v&adk=771041174&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 19 Feb 2020 18:19:50 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
38ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c60cef55163e400a5fa224f5665af48c64c87c890248583c29fbf1d2c38827f3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 909

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 2559 421 KB
94 KB 46ms
45ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:50 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136390.dop001.wa1.t,1582136390.cds002.wa1.hn,1582136390.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144756
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 2559 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497704
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2559 160 B
1016 B 30ms
30ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

9ad0e60f15847d8c347e26e1341d56098cf2603e3801be42745b40c297a207dd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.41:80
AN-X-Request-Uuid: 5ea1fefc-ebdd-4005-97e3-01a634ab14d0
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 2559 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 2559 44 B
606 B 44ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22f142a4c8%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=f142a4c8-2dc5-4764-a641-e1ff40656eab&pv=f142a4c8-2dc5-4764-a641-e1ff40656eab&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

7203ea09edaa0d139ca3e93184c1b5bf8fd55a2e7e9a9f3490b66d1192ee08f8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2559 166 B
1 KB 95ms
94ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

05955dd5088f4ea2b09ffafbebc2295066fb7d8d0dab854e4086b74e9bcd13c2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.117:80
AN-X-Request-Uuid: 1b73e21c-59e8-4d22-86a0-11846a186ebd
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 166
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 2559 20 B
320 B 67ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=f142a4c8-2dc5-4764-a641-e1ff40656eab-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 2559 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=f142a4c8&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:50 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b32af80381c2d348f1564936b85fd5d0dafca7b15b9c5e019326743e8a11b1a5

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 908

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 79EC 421 KB
94 KB 42ms
42ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:50 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136390.dop001.wa1.t,1582136390.cds002.wa1.hn,1582136390.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144756
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 3837 0
162 B 109ms
109ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:287,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:281,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:237,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:935,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=40756cca18256c6bf2ab1582136390869&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&c_v=1898_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&xplt=false&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:50 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 79EC 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497704
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 79EC 160 B
1017 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b99ed6702d19c0d38db8b116cd48ef71372615dd2f22099118f2736464d58900

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.105:80
AN-X-Request-Uuid: 1f44e8a8-66dd-41f1-9806-b2099669b388
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 79EC 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:50 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 79EC 44 B
606 B 38ms
38ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%224fb0470c%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=4fb0470c-bf85-49d8-97bb-8c539418184a&pv=4fb0470c-bf85-49d8-97bb-8c539418184a&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

0e4f91c24af7d4834bfe78001a2fbfa7cda78ff16df8aa97e1da0aa1249dff88

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:50 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 79EC 160 B
1017 B 22ms
22ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

d063569a76709d97f4eade8e0099f3d85798e392cd41e39d4e93258f2839a23b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.139:80
AN-X-Request-Uuid: d60b16ce-68b1-470f-aaab-84e8f6f426c4
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 79EC 20 B
320 B 66ms
66ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=4fb0470c-bf85-49d8-97bb-8c539418184a-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 79EC 0
217 B 38ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=4fb0470c&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:51 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
38ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 554c9e6cd4068435f54b6af8937c0c499dcdf008fea229d4139d17c1dad64bfc

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 908

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame C46B 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:51 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136391.dop001.wa1.t,1582136391.cds002.wa1.hn,1582136391.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144755
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame C46B 29 KB
8 KB 21ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497705
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C46B 159 B
861 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

3fcab3903453400841c956bb9a362c095503cc31bbe2bcb770900e20a2172198

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.139:80
AN-X-Request-Uuid: 81aa7891-67e7-4a55-ab36-8664d5fd97bd
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 159
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame C46B 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame C46B 44 B
667 B 45ms
44ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%222d5e40c3%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=2d5e40c3-070d-4374-8b1a-da3bb9a379da&pv=2d5e40c3-070d-4374-8b1a-da3bb9a379da&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

1c36925d76f78d2e4617326a9f6167219aa5e55546d70960e2448eec3f5c6114

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C46B 166 B
1 KB 74ms
73ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

6bf4f2da8be9277d672112eb0c70c06e809264627b6922b4d481fbda583b5fb1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.143:80
AN-X-Request-Uuid: f6ecd4b9-2988-47f5-8ffc-c799fdfbe606
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 166
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame C46B 20 B
320 B 66ms
65ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=2d5e40c3-070d-4374-8b1a-da3bb9a379da-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame C46B 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=2d5e40c3&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:51 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
2 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 01b6ab3fc32a785c2e11624717eaab02adabb8845bf8744de43ad1e395860f48

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 907

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 9FF7 421 KB
94 KB 41ms
41ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:51 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136391.dop001.wa1.t,1582136391.cds002.wa1.hn,1582136391.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144755
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 9FF7 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497705
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9FF7 160 B
1016 B 24ms
24ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

c80d48025a26a4f0bbdf1ddc9c39946249aa90a97518b7c290e98ef0b67954ce

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.59:80
AN-X-Request-Uuid: e7f45d63-08f0-4c6e-97cd-f253739b2172
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 9FF7 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 9FF7 44 B
604 B 41ms
41ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%2273ddc6fb%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=73ddc6fb-42df-439a-ac36-97f923c81d08&pv=73ddc6fb-42df-439a-ac36-97f923c81d08&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

cc539f72f46292630397e77daa65b6a239d367fa26380ed477b8336f172ea545

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9FF7 159 B
1015 B 21ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e864c078ca96f8563b4c767790346df39b7bd8f8d8cb1b418c314a1617647bac

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.44:80
AN-X-Request-Uuid: feb58343-a85a-4bcc-a5d7-180c2e97052a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 159
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 9FF7 20 B
320 B 99ms
99ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=73ddc6fb-42df-439a-ac36-97f923c81d08-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 9FF7 0
217 B 38ms
38ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=73ddc6fb&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:51 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7d596db6a8097c3a10675c9176ada67e39e4dce2e6e16cb9fda9233765a68d48

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 919

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 1712 421 KB
94 KB 42ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:51 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136391.dop001.wa1.t,1582136391.cds002.wa1.hn,1582136391.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144755
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 1712 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497705
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1712 160 B
1016 B 21ms
21ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

2946d7d4d70c31762b0d468d03f4d463f6f154cdcf22b2ce95a60d729d0800a9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.46:80
AN-X-Request-Uuid: 6e91c40c-9d19-4348-ba6a-236fd0302d75
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 1712 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 1712 44 B
604 B 40ms
40ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%226b16eac5%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=6b16eac5-e99a-47fd-b38f-db66b032e13d&pv=6b16eac5-e99a-47fd-b38f-db66b032e13d&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

768bfb8797dd876f4dd46d86d9a19bea257e116d1c7a0fa30041b3a7c452309a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:51 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1712 160 B
1016 B 29ms
29ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

03f510c8d52aedad3e4a1e8cf531554acf5e553832d46e7b2c6e99061d5e6fcd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80
AN-X-Request-Uuid: 77bde9d1-c31e-4182-be0b-ef9ffa707e0e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 1712 20 B
320 B 101ms
101ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=6b16eac5-e99a-47fd-b38f-db66b032e13d-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:51 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 1712 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=6b16eac5&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:52 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 39ms
39ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7915b57d17e2d7f11e1b4026bbce5c434f002d13854cf59caed717a47a1480dd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 909

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 6613 421 KB
94 KB 41ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:52 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136392.dop001.wa1.t,1582136392.cds002.wa1.hn,1582136392.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144754
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 6613 29 KB
8 KB 17ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497706
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6613 166 B
1 KB 38ms
37ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

a10c24830347a8bbddb4ce07da337bae89f1fffc9a24a34bb006ddf58cc809b2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.117:80
AN-X-Request-Uuid: eae45be2-f665-4de5-b0dd-1e8445e3f609
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 166
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 6613 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 6613 44 B
604 B 33ms
33ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%227df87ec4%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=7df87ec4-c39f-4a74-b2aa-f4ebf74c5587&pv=7df87ec4-c39f-4a74-b2aa-f4ebf74c5587&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

74a4dd0f298b5720ef3403e9e13da0078258c2d1d6bcddd53bde45cf2acdba44

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6613 160 B
1017 B 20ms
19ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

bbd1aab0969e2d252ca99e52a06cb29f73b6d3532d967a577ed98a3782e4e1b1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.222:80
AN-X-Request-Uuid: d97bfb50-5935-4df3-bbe2-e77b928a380e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 6613 20 B
320 B 68ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=7df87ec4-c39f-4a74-b2aa-f4ebf74c5587-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 6613 0
217 B 38ms
38ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=7df87ec4&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:52 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 85c53261e9a822799495d1924321032d90912ddd5064e443908566de88a604b3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 925

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 09EB 421 KB
94 KB 41ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:52 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136392.dop001.wa1.t,1582136392.cds002.wa1.hn,1582136392.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144754
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 09EB 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497706
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 09EB 160 B
1017 B 20ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8f2e58f0dcda11bcfe8c64dc4bc156694a7c27d110efe50bbbac56738c6c46cc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.140:80
AN-X-Request-Uuid: 5e7f4591-335a-4860-b1f1-48bc0f18497a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 09EB 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 09EB 44 B
604 B 38ms
38ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%2223790d3e%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=23790d3e-c9f6-4bfc-8d0b-0de81a34b84f&pv=23790d3e-c9f6-4bfc-8d0b-0de81a34b84f&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

e70a25fb0b14a5bc493ef39826bdd736e8b08de39e4c8e74c45116c823ffdc13

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 09EB 160 B
1017 B 20ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

17e02888efa09e0fb2e759e30e3e0d4bddd8216f57510b0165bf8abadb22c0fc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.136:80
AN-X-Request-Uuid: b5fcef0b-e211-44c1-8f09-2e7cfba1ea2e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 09EB 20 B
320 B 99ms
98ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=23790d3e-c9f6-4bfc-8d0b-0de81a34b84f-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 09EB 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=23790d3e&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:52 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5e8db405aac45cd4f3b74e7c56042fc966303abf216700a5fa4f498c7e343ac8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 907

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 7350 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:52 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136392.dop001.wa1.t,1582136392.cds002.wa1.hn,1582136392.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144754
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 7350 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497706
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7350 160 B
1017 B 20ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

183ba2a1c820eddf9b7db3a6e5484b716a31073c4e2be206849189a0694ce1bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.154:80
AN-X-Request-Uuid: f3bad92d-9681-4d11-9b0b-21667b095a85
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 7350 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 7350 44 B
604 B 34ms
33ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%2260da70a4%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=60da70a4-9e28-4fc4-bb70-6eea5861b774&pv=60da70a4-9e28-4fc4-bb70-6eea5861b774&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b754f2bfa5ba5c8eab6b26426aab7443da1afc79cd2b180d2ddb114a63857bf9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7350 160 B
1016 B 77ms
76ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b461ccc36d99fdda246cc283a4854fe2563a34e0a6f2fb60757938663e5eacf5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.81:80
AN-X-Request-Uuid: 1ba10e6f-6e82-46cc-9064-f1617fcc0c2c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 7350 20 B
320 B 71ms
70ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=60da70a4-9e28-4fc4-bb70-6eea5861b774-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 7350 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=60da70a4&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:52 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 37ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b34ca706fcd7fc081a57893b1482040ef1f406ceac62d9d00599c8f143b02460

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:52 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 915

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 4E02 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:52 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136392.dop001.wa1.t,1582136392.cds002.wa1.hn,1582136392.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144754
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 4E02 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497707
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4E02 160 B
1017 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

63b3b0895d22f399ffa028bc506dec49d423c55074528a0b0f647289f56c7bfc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.185:80
AN-X-Request-Uuid: ba370104-2090-49c1-a413-cc8a20142738
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 4E02 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 4E02 44 B
667 B 33ms
33ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%2230a2bdcc%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=30a2bdcc-c519-45e3-9dba-3a90a3ec16ed&pv=30a2bdcc-c519-45e3-9dba-3a90a3ec16ed&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

8bea4d68f27a3f991a37172a4b5b9839e673d0d7858a0461b015633eda0aa6b7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4E02 160 B
1016 B 17ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

6e355c9865b51cabd36e2c8a45612af71b27b0e75eddcaf71969781de949fbe0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.70:80
AN-X-Request-Uuid: 3bb3a480-89f4-4dbe-9503-d9b03a539337
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 4E02 20 B
320 B 76ms
75ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=30a2bdcc-c519-45e3-9dba-3a90a3ec16ed-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 4E02 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=30a2bdcc&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:53 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 39ms
39ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b247cebe9f4ea300b293e46d77920a3027a7b2ca9b160434e25501f0fb49492f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 905

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame F9C6 421 KB
94 KB 44ms
43ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:53 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136393.dop001.wa1.t,1582136393.cds002.wa1.hn,1582136393.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144753
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame F9C6 29 KB
8 KB 17ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497707
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F9C6 160 B
1017 B 24ms
23ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

146d1443f9a245d8859af080ba4edde3f2613fdd3a4751bc45493022d919a865

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.184:80
AN-X-Request-Uuid: b5122a79-835f-42af-a38d-e4f18612b91c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame F9C6 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame F9C6 44 B
604 B 38ms
37ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%224f58df21%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=4f58df21-9844-4d3c-9552-9cf60ccf040e&pv=4f58df21-9844-4d3c-9552-9cf60ccf040e&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

71108f84ae0221880a0b4d030ecc776881a87119a5ed972bf7b8a2c393a237ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F9C6 166 B
1 KB 93ms
92ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e0a13ccca1b02b55a8ad4c8d4bcd03614adfa5632639d37d53d98dcc104b6289

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.199:80
AN-X-Request-Uuid: b56d66ce-481c-4860-8905-e6f08f521b5d
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 166
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame F9C6 20 B
320 B 269ms
268ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=4f58df21-9844-4d3c-9552-9cf60ccf040e-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame F9C6 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=4f58df21&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:53 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
38ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 69b1a4ad76d94c74e81b6a1ab2669b72ac6e8dd4847e7f9f82b10a2184580517

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 923

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame B2E0 421 KB
94 KB 41ms
41ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:53 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136393.dop001.wa1.t,1582136393.cds002.wa1.hn,1582136393.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144753
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame B2E0 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497707
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B2E0 160 B
1016 B 20ms
19ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4367d4a7bdfc67f36343180432a81ef2831160c20a61529657ed34a3ebced585

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: 39b46f8b-04e2-43ee-97ab-155160861633
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame B2E0 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame B2E0 44 B
604 B 41ms
41ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22a47a4464%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=a47a4464-82e8-425b-a5cd-3631e7714054&pv=a47a4464-82e8-425b-a5cd-3631e7714054&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

d40171a52263c06956f85e7c1729824440461ec3af40390b4a82ac35c8d56078

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:53 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B2E0 160 B
1016 B 22ms
22ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

a42a5cc638643be862a89da92c14367e7124da9fbe89a6200321dca51312a9f9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.40:80
AN-X-Request-Uuid: 3cad5c65-140b-4834-9819-b8fbbb6cff2e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 3837 0
162 B 109ms
108ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:476,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:218,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:260,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:249,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:222,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=9ad991567924811d9f621582136393869&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&c_v=1898_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&xplt=false&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:53 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 3837 0
162 B 109ms
109ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:263,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:256,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:256,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:221,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=66008368d726e0c58d8e1582136393869&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&c_v=1898_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&xplt=false&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:53 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame B2E0 20 B
320 B 68ms
68ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=a47a4464-82e8-425b-a5cd-3631e7714054-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:53 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame B2E0 0
217 B 38ms
38ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=a47a4464&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:53 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ee6f056ce4b3cb3f32104abaf004f4d436d2dc86efb0a72ed097df328b6d0860

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 923

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 141B 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:54 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136394.dop001.wa1.t,1582136394.cds002.wa1.hn,1582136394.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144752
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 141B 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497708
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 141B 160 B
1017 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

37a09687a80cc5ccd13398ef93c7178aabc5a9f7df4043fca54924d68dba2282

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.234:80
AN-X-Request-Uuid: e1db04f6-7277-4e83-a3ad-ff6864e5c27e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 141B 678 B
878 B 12ms
11ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 141B 44 B
604 B 39ms
39ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%222b5f8993%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=2b5f8993-52e7-4505-8112-96957d667173&pv=2b5f8993-52e7-4505-8112-96957d667173&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

c8abda32c751d75594cb63aeb028346ebcdaef359e6ed6e4daca5534c912656a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 141B 160 B
1016 B 20ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8231f4ac30ceb5e5981eb77f2fc9f6178c1ae2ad7dbbeec3878d4a05129f28a1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.76:80
AN-X-Request-Uuid: de9ee248-a995-40a7-984e-e9723f70c3db
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 141B 20 B
320 B 67ms
66ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=2b5f8993-52e7-4505-8112-96957d667173-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 141B 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=2b5f8993&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
2 KB 37ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4cb9a81af092e367ebcc83f1ba00b76d2ef75e69d734d53e4ae4ade6872e3b10

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 915

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame E1BC 421 KB
94 KB 41ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:54 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136394.dop001.wa1.t,1582136394.cds002.wa1.hn,1582136394.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144752
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame E1BC 29 KB
8 KB 23ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497708
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame E1BC 160 B
862 B 20ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

ea7cc8b7d8c467c9bd9626911e2d69c6fd773cf4e3a9d62b6e60d6054f5b17d3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.117:80
AN-X-Request-Uuid: d55b63a3-7678-473e-8db8-6b5a43708f89
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame E1BC 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame E1BC 44 B
671 B 43ms
42ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22d89452d5%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=d89452d5-74f6-459a-9291-8e3d4e7f77fb&pv=d89452d5-74f6-459a-9291-8e3d4e7f77fb&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

cfbd9ed57a58c3bd76cac990344ca67a108bf213f4e34454d6c6b7eae0d11892

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:54 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame E1BC 160 B
862 B 21ms
20ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

160544712b9925bf3cc18252778bf373ab98172f0d5aa7045c7217da5428c4e7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.236:80
AN-X-Request-Uuid: 2d4191db-0387-4ed5-aa2d-d18b6f126ccf
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame E1BC 20 B
320 B 67ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=d89452d5-74f6-459a-9291-8e3d4e7f77fb-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame E1BC 0
217 B 38ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=d89452d5&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sync
eb2.3lift.com/ Frame 6E6E
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

24ms
23ms

Document
text/html

35.157.121.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.121.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-121-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=13989442557543022989
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQtYe29YUuCgoI4gEQtYe29YUuCgoI5gEQtYe29YUuCgkICRC1h7b1hS4KCgipARC1h7b1hS4KCQg5ELWHtvWFLgoJCDoQtYe29YUuCgkICxC1h7b1hS4KCgjOARC1h7b1hS4KCQgfELWHtvWFLg==; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=13989442557543022989; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 19 Feb 2020 18:19:54 GMT
content-length: 0
set-cookie: tluid=3603435918688515398; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

pd
eu-u.openx.net/w/1.0/ Frame E922
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1

0
0

27ms
26ms

Document
text/html

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; Version=1; Expires=Thu, 18-Feb-2021 18:19:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1582136394|mOsLgqgikin0fcmWiygu; Version=1; Expires=Thu, 05-Mar-2020 18:19:54 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.176.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
content-length: 483
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; Version=1; Expires=Thu, 18-Feb-2021 18:19:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.176.1
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date: Wed, 19 Feb 2020 18:19:54 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2

200

sync
eb2.3lift.com/ Frame D93E
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

28ms
27ms

Document
text/html

35.157.121.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.121.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-121-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=13989442557543022989
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQtYe29YUuCgoI4gEQtYe29YUuCgoI5gEQtYe29YUuCgkICRC1h7b1hS4KCgipARC1h7b1hS4KCQg5ELWHtvWFLgoJCDoQtYe29YUuCgkICxC1h7b1hS4KCgjOARC1h7b1hS4KCQgfELWHtvWFLg==; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=13989442557543022989; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 19 Feb 2020 18:19:54 GMT
content-length: 0
set-cookie: tluid=6801572100597978025; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 815F 0
0 199ms
197ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
set-cookie: __cfduid=dd700cef77f3668123e3c8bdaa19abba11582136394; expires=Fri, 20-Mar-20 18:19:54 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 567a40720f80728d-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame B8A7 0
0 193ms
193ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
set-cookie: __cfduid=dd700cef77f3668123e3c8bdaa19abba11582136394; expires=Fri, 20-Mar-20 18:19:54 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 567a40720f84728d-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2

200

sync
eb2.3lift.com/ Frame 1D8B
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

22ms
21ms

Document
text/html

35.157.121.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.121.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-121-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=13989442557543022989
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQtoe29YUuCgoI4gEQtoe29YUuCgoI5gEQtoe29YUuCgkICRC2h7b1hS4KCgipARC2h7b1hS4KCQg5ELaHtvWFLgoJCDoQtoe29YUuCgkICxC2h7b1hS4KCgjOARC2h7b1hS4KCQgfELaHtvWFLg==; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=13989442557543022989; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 19 Feb 2020 18:19:54 GMT
content-length: 0
set-cookie: tluid=3185810570422405363; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame F51F 0
0 130ms
44ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Tue, 04 Feb 2020 05:12:07 GMT
ETag: "13006b6-9f85-59db914d12ccf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14955
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=75775
Expires: Thu, 20 Feb 2020 15:22:49 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame AB27 0
0 103ms
25ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 18 Feb 2021 18:19:54 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame D669 0
0 570ms
569ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:55 GMT
content-type: text/html
set-cookie: __cfduid=dd700cef77f3668123e3c8bdaa19abba11582136394; expires=Fri, 20-Mar-20 18:19:54 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 567a40722fa5728d-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame F894 0
0 172ms
98ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Tue, 04 Feb 2020 05:12:07 GMT
ETag: "13006b6-9f85-59db914d12ccf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14955
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=75775
Expires: Thu, 20 Feb 2020 15:22:49 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 72F1 0
0 98ms
25ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 18 Feb 2021 18:19:54 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 708D 0
0 86ms
24ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 18 Feb 2021 18:19:54 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 4CE2 0
0 156ms
156ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
set-cookie: __cfduid=dd700cef77f3668123e3c8bdaa19abba11582136394; expires=Fri, 20-Mar-20 18:19:54 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 567a40724fbf728d-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 142F 0
0 97ms
44ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Tue, 04 Feb 2020 05:12:07 GMT
ETag: "13006b6-9f85-59db914d12ccf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14955
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=75775
Expires: Thu, 20 Feb 2020 15:22:49 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 6792 0
0 153ms
74ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Tue, 04 Feb 2020 05:12:07 GMT
ETag: "13006b6-9f85-59db914d12ccf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14955
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=75775
Expires: Thu, 20 Feb 2020 15:22:49 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 4740 0
0 151ms
74ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 18 Feb 2021 18:19:54 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive

GET
H2

200

sync
eb2.3lift.com/ Frame 36DE
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

27ms
26ms

Document
text/html

35.157.121.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.121.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-121-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=13989442557543022989
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQtoe29YUuCgoI4gEQtoe29YUuCgoI5gEQtoe29YUuCgkICRC2h7b1hS4KCgipARC2h7b1hS4KCQg5ELaHtvWFLgoJCDoQtoe29YUuCgkICxC2h7b1hS4KCgjOARC2h7b1hS4KCQgfELaHtvWFLg==; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=13989442557543022989; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 19 Feb 2020 18:19:54 GMT
content-length: 0
set-cookie: tluid=13989442557543022989; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 25AA 0
0 41ms
41ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; pd=v2|1582136394|mOsLgqgikin0fcmWiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; Version=1; Expires=Thu, 18-Feb-2021 18:19:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1582136394|rsgmkimWfcvmsHqGgqmuiynIsLomgemOgunsn0gi; Version=1; Expires=Thu, 05-Mar-2020 18:19:54 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.176.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
content-length: 480
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 sync
eb2.3lift.com/ Frame 6827 0
0 20ms
20ms Document
text/html 35.157.121.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.121.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-121-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=13989442557543022989
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQp4e29YUuCgoI4gEQp4e29YUuCgoI5gEQp4e29YUuCgkICRCnh7b1hS4KCgipARCnh7b1hS4KCQg5EKeHtvWFLgoJCDoQp4e29YUuCgkICxCnh7b1hS4KCgjOARCnh7b1hS4KCQgfEKeHtvWFLg==; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=13989442557543022989; Max-Age=7776000; Expires=Tue, 19 May 2020 18:19:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 8B62 0
0 203ms
203ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
set-cookie: __cfduid=dd700cef77f3668123e3c8bdaa19abba11582136394; expires=Fri, 20-Mar-20 18:19:54 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
cf-ray: 567a4072a81c728d-AMS
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 3AF1 0
0 26ms
26ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; pd=v2|1582136394|rsgmkimWfcvmsHqGgqmuiynIsLomgemOgunsn0gi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; Version=1; Expires=Thu, 18-Feb-2021 18:19:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1582136394|forsj8gmkimWjotufcvmsHtlqGgqvtmuiyfQnIsLiSomgemOgusflEnsn0gi; Version=1; Expires=Thu, 05-Mar-2020 18:19:54 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.176.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
content-length: 547
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame FA3F 0
0 94ms
73ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Thu, 18 Feb 2021 18:19:54 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 133D 0
0 191ms
86ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Last-Modified: Tue, 04 Feb 2020 05:12:07 GMT
ETag: "13006b6-9f85-59db914d12ccf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14955
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=75775
Expires: Thu, 20 Feb 2020 15:22:49 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 901C 0
0 34ms
33ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; pd=v2|1582136394|rsgmkimWfcvmsHqGgqmuiynIsLomgemOgunsn0gi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; Version=1; Expires=Thu, 18-Feb-2021 18:19:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1582136394|forsj8gmkimWjotufcvmsHtlqGgqvtmuiyfQnIsLiSomgemOgusflEnsn0gi; Version=1; Expires=Thu, 05-Mar-2020 18:19:54 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.176.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
content-length: 547
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame A458 0
0 32ms
32ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.176.1 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; pd=v2|1582136394|rsgmkimWfcvmsHqGgqmuiynIsLomgemOgunsn0gi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=b0db33e4-827e-09c3-2897-984595bf5c4e|1582136394; Version=1; Expires=Thu, 18-Feb-2021 18:19:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1582136394|forsj8gmkimWjotufcvmsHtlqGgqvtmuiyfQnIsLiSomgemOgusflEnsn0gi; Version=1; Expires=Thu, 05-Mar-2020 18:19:54 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.176.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 19 Feb 2020 18:19:54 GMT
content-type: text/html
content-length: 547
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame B8BD 0
0 185ms
84ms Document
text/html 23.37.55.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 12 Feb 2020 18:47:41 GMT
Content-Encoding: gzip
Content-Length: 7692
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=20642
Expires: Thu, 20 Feb 2020 00:03:56 GMT
Date: Wed, 19 Feb 2020 18:19:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 85ms
76ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 631bd01ce8d20b31eae3f7ead1b3e9d0df293424ed4bfd45c12e0998972bb5e3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 925

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 0416 421 KB
94 KB 91ms
81ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:54 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136394.dop001.wa1.t,1582136394.cds002.wa1.hn,1582136394.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144752
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 0416 29 KB
8 KB 18ms
18ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497708
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0416 160 B
861 B 17ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

db0dd5af93ba9a9251ce993a585c6aeb7dc76af839a403baaf4a8aee6101ad71

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.14:80
AN-X-Request-Uuid: 3a077168-13c9-4006-bcb8-561535feae4c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 0416 678 B
878 B 16ms
16ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:54 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 0416 44 B
606 B 47ms
45ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%222fb95be8%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=2fb95be8-de42-44d8-888a-42b552d83ff1&pv=2fb95be8-de42-44d8-888a-42b552d83ff1&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

47d7ca288e7f47ac2ccf6594a39838f9e492138f64e302383944724e0f7f481f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0416 160 B
862 B 19ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

c210e58ef5e0d448c8502bbb5c574c0f3725b3c7997467f832c9fae641493b92

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.234:80
AN-X-Request-Uuid: fec34e0a-b8f2-4908-9b79-2ce43f8506ad
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 0416 20 B
320 B 67ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=2fb95be8-de42-44d8-888a-42b552d83ff1-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 0416 0
217 B 38ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=2fb95be8&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:55 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 37ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ad87a0de6b08de9c68d86a0cf81ad41d6c38aefe1447a7583425a835f14d8820

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 914

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 1DEA 421 KB
94 KB 41ms
41ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:55 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136395.dop001.wa1.t,1582136395.cds002.wa1.hn,1582136395.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144751
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 1DEA 29 KB
8 KB 18ms
18ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497709
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1DEA 160 B
861 B 17ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

ef713c2cf98c2f3b6e76ecdb4ede534b447a8d78fc4d2fd0064b8ab9b67b4c31

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:57 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.42:80
AN-X-Request-Uuid: 2c650e83-a70a-4b98-9000-63f42f2be660
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 1DEA 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 1DEA 44 B
606 B 40ms
40ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22313578c8%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=313578c8-8003-4463-bff7-8137a6aadae9&pv=313578c8-8003-4463-bff7-8137a6aadae9&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

8a6a6f61762a1eee710848b2eba23ec589b9cadb4421c316c6f6259cc2e8ebf3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1DEA 160 B
861 B 17ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

866357e628c5d3a6df4f65a3ee96027a04e137b16f573bbb572cdd83d8aecaf7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:57 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.78:80
AN-X-Request-Uuid: 9daed6a7-1d46-4f5e-bcec-b8905231aeb4
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 1DEA 20 B
320 B 70ms
70ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=313578c8-8003-4463-bff7-8137a6aadae9-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 1DEA 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=313578c8&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:55 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 39ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3cf4c9ca63b5dc4acd2476a63223fa17a05b52787b688cc76560f8dc621a44f2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 911

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 290A 421 KB
94 KB 41ms
41ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:55 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136395.dop001.wa1.t,1582136395.cds002.wa1.hn,1582136395.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144751
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 290A 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497709
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 290A 160 B
861 B 18ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

6ff03fb6ccd75de85960f6893743d3b0ab6a6627690024d895dba0b3f186b247

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:57 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.79:80
AN-X-Request-Uuid: a51e6630-9591-449c-8e1a-8387f2aae774
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 290A 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 290A 44 B
606 B 44ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%228a4785c2%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=8a4785c2-eb68-4833-9a33-9e68acacfa76&pv=8a4785c2-eb68-4833-9a33-9e68acacfa76&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

1dc40e577aec7971376ebfdd69cf8eacca8d45c9ac6996249d7849bfb5229c55

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:55 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 290A 160 B
862 B 19ms
19ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

7764415add5d4ce89244a6c6f4b0b97e9ee8472d15117c65a4314a1b116c5195

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:57 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.141:80
AN-X-Request-Uuid: d971e762-6e0e-4b24-8511-c3210fa51cc1
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 290A 20 B
320 B 68ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=8a4785c2-eb68-4833-9a33-9e68acacfa76-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:55 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 290A 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=8a4785c2&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:56 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
2 KB 37ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b45e9bc18f046ea7a3745b21d9a65f07dcdbcc829c96995ba8240aff9f2b0f33

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 910

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 70C9 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:56 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136396.dop001.wa1.t,1582136396.cds002.wa1.hn,1582136396.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144750
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 70C9 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497710
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 70C9 160 B
861 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

042b35cc02b8ee5a8844d8dcc8f0611867f9c577b6ced4b4469fdaf4270de18d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.40:80
AN-X-Request-Uuid: 08e662d0-cf24-40f5-a80b-9e4c95437b01
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 70C9 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 70C9 44 B
667 B 42ms
42ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%226e384d60%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=6e384d60-3cbe-48a8-84b5-6a735fda19da&pv=6e384d60-3cbe-48a8-84b5-6a735fda19da&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b23ab750c414b1284278225e6e705748609f97bfaab5f697405c9b458d86a64f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 70C9 159 B
860 B 19ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

7b90d5a54119e4123c3eee1b826c10919109142bc819f30d8d81d58894c5045a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.68:80
AN-X-Request-Uuid: 94a4be77-a429-4cc3-8558-0d4ebc6bedc5
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 159
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 70C9 20 B
320 B 76ms
75ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=6e384d60-3cbe-48a8-84b5-6a735fda19da-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 70C9 0
217 B 38ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=6e384d60&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:56 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 37ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 078a251a22b7d28f5029dd02b9edd88aa0364e238d271d0c6bc6330a5ac8dc69

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 905

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame C169 421 KB
94 KB 42ms
41ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:56 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136396.dop001.wa1.t,1582136396.cds002.wa1.hn,1582136396.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144750
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame C169 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497710
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C169 160 B
862 B 17ms
17ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

1a2e4ef5638a519033b71a93b66e2e19b1a213e3108570a7a39875b0e67fd2c7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.184:80
AN-X-Request-Uuid: eb22604a-000d-4fc1-b66b-33e782b03636
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame C169 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame C169 44 B
604 B 44ms
44ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%2220d3396b%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=20d3396b-25cc-4af4-ab4f-68d8a6422ee5&pv=20d3396b-25cc-4af4-ab4f-68d8a6422ee5&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

2bf797a5984ff76c63008159ec8943d3b2647cdac65f78bdbadd3b2a55ae417a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:56 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C169 160 B
861 B 18ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

c9b780e3ca9f0235522a7c18affca0a298ab0688d6549cd024ba5e49b2aa053d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.47:80
AN-X-Request-Uuid: 65719e20-afce-4b97-bf70-d9eaa1c06ecf
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame C169 20 B
320 B 67ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=20d3396b-25cc-4af4-ab4f-68d8a6422ee5-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame C169 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=20d3396b&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:56 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ca10b457c2c0288d3a645291f6328f4c9be428c7f60572a517e1c183432fe777

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 921

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 3837 0
162 B 109ms
108ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:402,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:289,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:576,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:223,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:368,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=c6d92d24eff7c45531ec1582136396869&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&c_v=1898_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&xplt=false&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:56 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 3837 0
162 B 109ms
109ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:349,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:216,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:222,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=04d9d70b518ce339635f1582136396870&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&c_v=1898_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&xplt=false&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:56 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 56BA 421 KB
94 KB 40ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:56 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136396.dop001.wa1.t,1582136396.cds002.wa1.hn,1582136396.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144750
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 56BA 29 KB
8 KB 18ms
18ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497710
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 56BA 160 B
861 B 26ms
24ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

836083579963a1d8793843a9cf770849a613296dd5621c78052291b74e5b2df7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.53:80
AN-X-Request-Uuid: d94b8cc1-ccf3-4b03-bf83-a32f28059b44
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 56BA 678 B
878 B 15ms
14ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:56 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 56BA 44 B
667 B 79ms
39ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%229f7dde4e%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=9f7dde4e-8688-4711-98a6-f4fa1a2cb044&pv=9f7dde4e-8688-4711-98a6-f4fa1a2cb044&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

f6ccdf1f95878094583ec5a2d4ae16076f928c56ba681a595afdb5fb54822200

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:57 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 56BA 160 B
861 B 19ms
18ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

86b46363ddf2969ae4cd4e4c090274c8536026505b68402caf1d1d61b442d5a5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.73:80
AN-X-Request-Uuid: 90a4bb27-ce60-4a83-95e2-458da65b87e5
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame 56BA 20 B
320 B 67ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=9f7dde4e-8688-4711-98a6-f4fa1a2cb044-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:57 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame 56BA 0
217 B 38ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=9f7dde4e&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:57 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
37ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e5036288354f35c0db33cd193f2bb7f91b0ab7c2c38dc570a727cbf22c3116d4

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:57 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 896

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame B104 421 KB
94 KB 41ms
40ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:57 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136397.dop001.wa1.t,1582136397.cds002.wa1.hn,1582136397.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144749
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame B104 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497711
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B104 159 B
860 B 67ms
62ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

573a9263c1ddb476b398e9cf33a574056cbd89c322acab1991701ea730dde614

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:59 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.54:80
AN-X-Request-Uuid: 6a0b41f6-aa16-46a9-b8e7-e219dd434a96
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 159
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame B104 678 B
878 B 17ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:57 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame B104 44 B
604 B 596ms
46ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22c298b5bd%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=c298b5bd-a22c-43db-861a-22ae5e98df71&pv=c298b5bd-a22c-43db-861a-22ae5e98df71&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

0827788cbea4bace2aada86b19d1d894f96bfccb9fe5bb08fa7a1637d317dd78

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:57 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B104 160 B
861 B 65ms
60ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

c71ba4d7392f4564229904745ba626b8bd32b309d6c434d6fc53f2e8f69b277b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:59 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.50:80
AN-X-Request-Uuid: d5d59659-a173-49cc-84b3-e3d62ca1cb24
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 107 B
302 B 144ms
143ms Script
text/plain 52.54.227.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c_ivt=0&connatix_sess=3gk-jg7LziqBNo4SGJqZMwap1IVIkksttlJMEpR1wxF-6ltHuZ-Il1Z4V_vA8Svie-8VCnFazi0M9wTa7sdI4WFz8eeVXbB62gmzi79wmbL_JyS91ecHE8qU0AaE8jvruSzEyppHVilx7WeK1g1qndJylRYquAudvGUgIML-gU1C1HSYMD9bYHphviuxWH3p&notServed=false&xplr=true&c_s=false&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=2&v=1&c_pt=1&c_f=[{id:14547,r:4,i:0,f:1}]&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&c_v=1898_1_0_0_0&spp=1&callback=cnxJSONP_aa4b1dd42e80f9ffde2a1582136397878
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.227.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-227-62.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e62255e1fc17b4841a0b4d86901c25c68b92e1afbfde316ebae6f05158103176

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:57 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 114

GET
H/1.1 200
OK bc2 Show response
bc-rtb-dub.springserve.com/ Frame B104 20 B
320 B 141ms
67ms XHR
application/json 52.18.86.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bc-rtb-dub.springserve.com/bc2?r=c298b5bd-a22c-43db-861a-22ae5e98df71-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.86.70 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-86-70.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:58 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 119 B
304 B 139ms
137ms Script
text/plain 52.54.227.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F%3F_hsenc%3Dp2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow%26_hsmi%3D83585063&c_ivt=0&connatix_sess=3gk-jg7LziqBNo4SGJqZMwap1IVIkksttlJMEpR1wxF-6ltHuZ-Il1Z4V_vA8Svie-8VCnFazi0M9wTa7sdI4WFz8eeVXbB62gmzi79wmbL_JyS91ecHE8qU0AaE8jvruSzEyppHVilx7WeK1g1qndJylRYquAudvGUgIML-gU1C1HSYMD9bYHphviuxWH3p&notServed=false&xplr=true&c_s=false&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&gdpr=1&is_ccpa_b=false&med_id=639404&req_no=3&v=2&c_pt=1&c_f=[{id:14545,r:4,i:0,f:1},{id:14479,r:1,i:0}]&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&c_v=1898_1_0_0_0&spp=1&callback=cnxJSONP_d0a0ae2b7d18e6cd41c81582136397979
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.227.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-227-62.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: c788704357247ed3f06edc457e364797fbaece92d2ceb73cb41c1d308be984ca

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:58 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 116

POST
H/1.1 200
OK i Show response
vid-io.springserve.com/vd/ Frame B104 0
217 B 37ms
37ms XHR
text/plain 34.248.21.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io.springserve.com/vd/i?suuid=c298b5bd&ps_id=514171&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.21.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-21-38.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 19 Feb 2020 18:19:58 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 514171 Show response
vid.springserve.com/vast/ Frame 3837 2 KB
1 KB 38ms
38ms XHR
application/xml 52.49.142.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.142.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-142-168.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: df4a0b146899250b37089ae4e772aebc25b0185aec48356f6c875e6370d0c664

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 19 Feb 2020 18:19:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 893

GET
H2 200 vpaid_2d0ef349.js Show response
vpaid.springserve.com/production/ Frame 41D7 421 KB
94 KB 41ms
41ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: AmazonS3 /
Resource Hash: 9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 19 Feb 2020 18:19:58 GMT
content-encoding: gzip
last-modified: Tue, 14 Jan 2020 17:06:38 GMT
server: AmazonS3
x-amz-request-id: 49FAD6158A43D26F
etag: "53a89f9184b1b0306557f2639fb3f7b7"
x-hw: 1582136398.dop001.wa1.t,1582136398.cds002.wa1.hn,1582136398.cds010.wa1.c
content-type: application/javascript
status: 200
cache-control: max-age=2144748
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96293
x-amz-id-2: KLPzn3SPLJZsvYl5uDM1/UxWNGvOPegQehmBS1kebC4QSWn2YK3EfjoFHwzM2bU8ksI03ZkK+F0=

GET
H2 200 oath-viewability-sdk.js Show response
cdn-ssl.vidible.tv/prod/client-utils/js/ Frame 41D7 29 KB
8 KB 18ms
17ms Script
application/javascript 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-ssl.vidible.tv/prod/client-utils/js/oath-viewability-sdk.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

ats-carp-promotion: 1
date: Fri, 14 Feb 2020 00:04:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497712
status: 200
strict-transport-security: max-age=15552000
content-length: 7868
x-amz-id-2: qrPn74Z1OL4UoMTUOq+KCNtboYyntSMyRiMOjH1WpW9HCDKzfeeIxnjg0kZv6DqxEE9lKrrBy/Q=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jan 2018 04:39:44 GMT
server: ATS
etag: "f89c71522a28b573b7e8c681892779ce-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 6B6D5D9166C2DCED
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=1209600
x-amz-version-id: MuMCHfak_fz.RiQjb8ttinJCtw0a9HGU
accept-ranges: bytes
content-type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 41D7 160 B
861 B 40ms
39ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

435ee449210eb2fa970f92abbe8a3e5aaa298115dda09e796eb90aa4eead9112

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:20:00 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.44:80
AN-X-Request-Uuid: 5d01c542-fe3a-497c-a4c9-41556fd44f2c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ Frame 41D7 678 B
878 B 12ms
12ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 Feb 2020 18:19:58 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 41D7 44 B
604 B 101ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker={%22bc820ad5%22:%225923ef4d1eab65890133|640x480|f=4%22}&ref=https%3A%2F%2Fbleepingcomputer.com%2F&s=bc820ad5-aa5e-433c-9b39-c8ee624c3870&pv=bc820ad5-aa5e-433c-9b39-c8ee624c3870&vp=tablet&lib_name=prebid&lib_v=pbjs_lite_v1.25.0&us=0

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

ff793d5167b15ff54b84c34e54c3c8d0004d2ef2505c3921f4d00448a1c8a3a8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:19:58 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 72
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 41D7 160 B
861 B 63ms
62ms XHR
application/json 185.33.223.80
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_2d0ef349.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

f28a8129c4b601ef919fcd907eb0f05bf9d6f2b8f183fbb50b1e208973710988

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 Feb 2020 18:20:00 GMT
X-Proxy-Origin: 82.102.19.133; 82.102.19.133; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.42:80
AN-X-Request-Uuid: b0896cfb-aa15-456b-98be-75744cbbd6bc
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET bc2
bc-rtb-dub.springserve.com/ Frame 41D7 0
0

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 3837 0
162 B 111ms
109ms Image
text/plain 52.21.193.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rpobidMeta=[{id:15447,c_wt:852,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22},{id:15447,c_wt:258,c_mt:%22application%2Fjavascript%22,c_rs:%222_%2522NO_FILL%2522_undefined%22}]&cb=15c5a0fd7d69aa24d3e31582136399870&c_pl=lbT9Ye6sKzI6jyuJ30lBzvrr_FInsUxML1jBHj-rXTi9BMY2fw4C1u1S7CMGT6EsJSN5dINsPkyze_ihvL-nD0o6pXxBPErTUsXU9ErllHWFKnNdbX59OflcRzbOepuI3AICR2hmabXy30CGwz-5dNDN6dtGT61g0hEdcFIMpqV7gKOq5RCaSJ6CpsTMiaFKCmvwlgMLpUqt7djmXxEzB_c49mJSVvwQmpMYyz09N1nW8W-0ujBGr58-2HlSf-zJFKYQveSiV8vMyGUbvb63PA&c_v=1898_1_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdharma-ransomware-attacks-italy-in-new-spam-campaign%2F&xplt=false&spp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.193.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-21-193-116.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 Feb 2020 18:19:59 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bc-rtb-dub.springserve.com
URL: https://bc-rtb-dub.springserve.com/bc2?r=bc820ad5-aa5e-433c-9b39-c8ee624c3870-s.514171-d.528021-dc.73340&aid=962&det_d=www.bleepingcomputer.com&det_w=834

Verdicts & Comments Add Verdict or Comment

173 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 07:28:59	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 16:50:32	Name: IDE Value: AHWqTUmrTsxtuLJk96gM35zGmcfW6Llpp9UE4uBZrJDs3R_-vyrfH7D9Nr-GBc86
.bleepingcomputer.com/	1970-01-20 01:00:08	Name: __gads Value: ID=639fd436f51619fd:T=1582136388:S=ALNI_Mb3FWve9I8R2rfACFV56MzYlrAtCA
www.bleepingcomputer.com/	1970-01-19 08:12:08	Name: _fsloc Value: ?i=BE&c=Brussels
www.bleepingcomputer.com/	1970-01-26 14:40:56	Name: _fsuid Value: 51bc3805-84bb-44c9-a928-ad526b22546c
.bleepingcomputer.com/	1970-01-19 08:12:08	Name: __beaconTrackerID Value: tnfytgvxq
www.bleepingcomputer.com/	1970-01-19 16:14:32	Name: _pubcid Value: 11b92ac2-410f-4cf3-9c17-37d91b1f05d5
www.bleepingcomputer.com/	1970-01-19 07:28:58	Name: fssts Value: false
.bleepingcomputer.com/	1970-01-19 07:30:22	Name: _gid Value: GA1.2.661045216.1582136387
www.bleepingcomputer.com/	1970-01-19 07:28:58	Name: _fssid Value: 1d161277-4af6-4ac8-b284-8e28601d2392
www.bleepingcomputer.com/	1969-12-31 23:59:59	Name: _cmpQcif3pcsupported Value: 1
.bleepingcomputer.com/	1970-01-20 01:00:08	Name: _ga Value: GA1.2.576930721.1582136387
www.bleepingcomputer.com/	1970-01-19 07:28:58	Name: __atuvs Value: 5e4d7c4313922f02000
www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign	1969-12-31 23:59:59	Name: fsbotchecked Value: true
.bleepingcomputer.com/	1970-01-19 08:12:08	Name: __cfduid Value: d8a4e0cf6d0298719ea22f6a3bf8acca41582136386
www.bleepingcomputer.com/	1970-01-19 16:56:17	Name: __atuvc Value: 1%7C8
www.bleepingcomputer.com/	1970-01-19 08:12:08	Name: lav Value: 7786
.bleepingcomputer.com/	1970-01-19 07:28:56	Name: _gat_gtag_UA_91740_1 Value: 1
.bleepingcomputer.com/	1969-12-31 23:59:59	Name: session_id Value: 56ed1ad3ddc016c8dd0d9b6b15a31025

30 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://info.silobreaker.com/e2t/c/W6gpMd37kPB4hW1sBLTf7BLmMP0/W2w0L4J6d4l9rN5dpfHTmNFcQ0/5/f18dQhb0S5fl8Z9b3TN59r2rlHyjJqVRYJF663BmrMN3hHhdGXL0jYVnQ9Qq8--HBkW8-xQHg31T0tSN7JvjTBqgYgKW567K1q9gFRhMW3DkckP8mvdMdW5lF-VP57MkQqW2wVpqn6WJb5TW8V035P85zz8bW7bvmFv85DV-8W5Knp6-2c5MpjW85Q1083pdDhKW834DLz8XWvncW94q7cq6VKJl2W1hC_8g5lppF5W33HvFs1sf1VKW1T1Wnm8XlCSHW31jmjq8YwNlmW7pQj-H6ylphbW2MxPtg6hZLCQW7Lp1C-89fz0MW2mhMsR9kKskbW4dzB9F9lVq47W3vyJFn8s9463W7gX9sH7Ctl60W1Vj5_k88_tq4W8GC0rQ5Tqq_3W6H5Hhd940bYHW1NFfl48P4m4TN524rhzRyMW2VLDx3d1r6KlCW8rZR5b2bJkBvW1nCrbg8RtD3NW3NlyjQ4Hbh7FW6sL1b34YsHrxW6lgPVK7GkdZcW334NR64Pxhj5W3DlwBb2g4-w6f2qdtJT04(Line 13) Message: toS
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	warning	URL: https://static.quantcast.mgr.consensu.org/v29/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js?21065556(Line 6) Message: Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api	info	URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js(Line 409) Message: Powered by AMP ⚡ HTML – Version 2001281851410 https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
console-api	info	URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js(Line 409) Message: Powered by AMP ⚡ HTML – Version 2001281851410 https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/?_hsenc=p2ANqtz--5GelBBXhv6V37gvsu1gtghw8yRme6dBZ9ALljiIL5xQSMrfZQ0RfOy9P7ErfOsTMMHzjCv2JArFUUXMa6ED0MPmckow&_hsmi=83585063
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped
console-api	warning	URL: https://cdns.connatix.com/p/1898/min/connatix.renderer.infeed.min_dc.js(Line 2) Message: AdStopped

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
apex.go.sonobi.com
api.quantcast.mgr.consensu.org
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
bc-rtb-dub.springserve.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.pub.network
cdn-sp-s3.air.tv
cdn-ssl.vidible.tv
cdn.ampproject.org
cdn.connatix.com
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
confiant-integrations.global.ssl.fastly.net
core.connatix.com
cse.google.com
d.pub.network
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
embed.air.tv
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
hbopenbid.pubmatic.com
i.connatix.com
ib.adnxs.com
info.silobreaker.com
pagead2.googlesyndication.com
prebid.pub.network
quantcast.mgr.consensu.org
rtb.connatix.com
s.ytimg.com
s7.addthis.com
s9.addthis.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
slckg-phfiv.ads.tremorhub.com
static.quantcast.mgr.consensu.org
tlx.3lift.com
tpc.googlesyndication.com
trk.connatix.com
v1.addthisedge.com
vendorlist.consensu.org
vid-io.springserve.com
vid.springserve.com
vpaid.springserve.com
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.reddit.com
www.youtube.com
z.moatads.com
bc-rtb-dub.springserve.com
104.16.68.69
104.20.60.209
104.26.13.6
104.85.250.71
13.35.253.107
13.35.253.24
143.204.201.153
143.204.202.117
143.204.202.94
151.101.113.194
151.101.114.217
151.101.13.140
151.139.128.10
152.199.22.24
172.217.22.2
172.217.22.70
178.162.133.150
18.197.234.227
18.211.96.69
185.33.223.80
185.64.189.112
212.71.236.117
23.210.248.44
23.210.249.164
23.210.249.83
23.210.249.92
23.210.250.213
23.37.55.184
2600:1f18:612b:4264:99e0:7fe3:6615:bfea
2600:9000:2057:2c00:9:46dc:4700:93a1
2600:9000:214f:9200:9:46dc:4700:93a1
2600:9000:214f:e800:1:af78:4c0:93a1
2606:4700:20::681a:18b
2606:4700::6811:7db4
2a00:1288:f03d:1fa::4000
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:808::200e
2a00:1450:4001:809::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:816::2002
2a00:1450:4001:817::2008
2a00:1450:4001:819::2002
2a00:1450:4001:819::2003
2a00:1450:4001:81b::200e
2a00:1450:4001:81f::200e
2a00:1450:4001:820::2004
2a00:1450:4001:821::2001
2a02:fa8:8806:12::1430
2a03:2880:f01c:800e:face:b00c:0:2
3.124.120.214
34.248.21.38
34.95.120.147
35.157.121.171
35.188.71.214
35.226.134.247
35.226.36.58
50.16.134.22
52.1.207.152
52.18.86.70
52.21.193.116
52.49.142.168
52.54.227.62
69.16.175.10
69.173.144.140
009ae022d2db00e4941781b639e62abda03208c55cd9a4cb0c16b3cb769e7427
01a44b6f480599d907e3aa5be13c171ad17ba714af3c79ba0f27d5a45cff0a77
01b6ab3fc32a785c2e11624717eaab02adabb8845bf8744de43ad1e395860f48
01ed5024d3b2067a5f268cd76d0d521f482879188c26cc6d809ec8cb2f069c8c
02c7717f1a73910920519a4ea63ff43dd4413989ddb3fdf879862c18de4f8f49
03f510c8d52aedad3e4a1e8cf531554acf5e553832d46e7b2c6e99061d5e6fcd
042b35cc02b8ee5a8844d8dcc8f0611867f9c577b6ced4b4469fdaf4270de18d
044d1cdd7d3b51de955645235d35dbece94a16d56d3b34b98cfc5387af38a534
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05955dd5088f4ea2b09ffafbebc2295066fb7d8d0dab854e4086b74e9bcd13c2
0647aa5d7bbc26ee295f875f2f1376fb16b1eaf66b23b0c9b182278e9de15792
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
078a251a22b7d28f5029dd02b9edd88aa0364e238d271d0c6bc6330a5ac8dc69
0827788cbea4bace2aada86b19d1d894f96bfccb9fe5bb08fa7a1637d317dd78
083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877
0978a668d27c6fbfc9e04c76cab6787d16e796cb9ac6b4804e57adc61658db8d
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0e4f91c24af7d4834bfe78001a2fbfa7cda78ff16df8aa97e1da0aa1249dff88
0e6f43cdccf156427104a912ce6b54f94b4ff0c5e55b1a485e271d76da570234
0f26954e59757f573c709bcabe82328c10ea5f250fe6a48082eaea2e116bbb8f
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
11e878bf8373be99244aac6611efbdc52f8377001e2a4729f5065fddfe4db0ef
12008ace25713a76a246a9d2fb94db900d05f09e791d19bfcb0eb925494b34f2
123f7ed23b11381696d7f037c4a30e0dec80ac5a322bc13ee6be1450e265a2f1
146d1443f9a245d8859af080ba4edde3f2613fdd3a4751bc45493022d919a865
160544712b9925bf3cc18252778bf373ab98172f0d5aa7045c7217da5428c4e7
17e02888efa09e0fb2e759e30e3e0d4bddd8216f57510b0165bf8abadb22c0fc
17f5ebc24acc5651e3909e11d3357fa414e5f0397a6acf8cf0460071cc448479
183ba2a1c820eddf9b7db3a6e5484b716a31073c4e2be206849189a0694ce1bf
186b22e3ebcdeb9d26926340c1058d27bf5b19f0ff1b9edcbb98450d6bb5e1e2
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32
1a2e4ef5638a519033b71a93b66e2e19b1a213e3108570a7a39875b0e67fd2c7
1a910d1809939ab14b9d05a15c1bc8736f2997bc39b37d576264dfa3b70c9b45
1c36925d76f78d2e4617326a9f6167219aa5e55546d70960e2448eec3f5c6114
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1c4873b593123dd28e54138604b6b9edb204062fb033b836c82228226580ec66
1dc40e577aec7971376ebfdd69cf8eacca8d45c9ac6996249d7849bfb5229c55
1e6573b89edde38e020a0d7cb1460a923f50a7859c696bdcddadbaabd64d3917
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
240c4fc28b9a4207c2acb6cb643ffa30a815d0769ff8d08a5b5691ef2835fbef
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
27fe70320b1d1016578bc96203633d5afbc9d294eb9b4872b84c436e98a1cee2
2833cc2a0284a7f438e5d735cf1bbaa97f98f4303ef534e38a492f5b0b1a38f4
28ee9d9be5885717957a93f808998e5a98ccce77217576b72dfdbf2dd9a6f8fb
2946d7d4d70c31762b0d468d03f4d463f6f154cdcf22b2ce95a60d729d0800a9
2a0f70b7fe4be061cc5321af449fd78cdc8a07228ab5ec8589bead86e85d2669
2adbba94155c76a5fa673f875a0dda77ea4745012fcac7f3e89147f7f664b70f
2bf797a5984ff76c63008159ec8943d3b2647cdac65f78bdbadd3b2a55ae417a
2c0884853dc57e0e429d1bec631837b0f356b5806e913f00dd2828b3f88b3b6c
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2dda7ea92135dcf21660d4d79391d303fc38f6a6524ae74bbe2986f1d2e990d5
2ef94821b68badb60db4b00b1c736f0ba12099e5f78dc2f8d57ff8ec2bf8a50d
308c4e6d88f04a969461e675d667aaa91743f6735b6ea0dce138fdbb7b1d3bda
31912aca99b5579054147210fd553d615cf7869d977ce990a735b8826f22d828
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
31d2017db886adbf0907c1b87399c16c9249cbc2a4878a7a1d424767d6aa9196
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37a09687a80cc5ccd13398ef93c7178aabc5a9f7df4043fca54924d68dba2282
3811763c19fe0e22b8cc970bffe4160a6653364a3c220fa3b6ad467c4b29d85c
389fc0acafaaf6726fc3767113714cf9536237eac05c06c6d1b660cdc28c0ad3
3998b3b5f8fb1ed7c7f2e1edc372934e62600bf2a742376d2d14a21906ff7ba6
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3ba325dfc91f0fa6db4358dbe13b0a40b94270db90c18bf8cc3de37b5999a078
3cf4c9ca63b5dc4acd2476a63223fa17a05b52787b688cc76560f8dc621a44f2
3e28be919e0b2fda30eead30e124ad16a157e995da4bc4ab2523da84670d8f78
3e5df247c0a91ea4199dd4788c49899eb5baa010daf43ac5fb5c3ba57e107456
3fcab3903453400841c956bb9a362c095503cc31bbe2bcb770900e20a2172198
40df4157af3a823b59c5d2e3cbe3330283409d4573f55a0361d5fa8ad6e1c6fa
410eac8d74c8e3b1f054a5f82514c8b654b0263eabcf95a801b856899dfac9b4
43071adbb33b30e7eaa7129745027e227d9483afe267d73b865756bb19d5578c
435ee449210eb2fa970f92abbe8a3e5aaa298115dda09e796eb90aa4eead9112
436522d1e687ac1925f7bade1d62c546e13bbc5bb880507ceaab0e7e2ea30b6c
4367d4a7bdfc67f36343180432a81ef2831160c20a61529657ed34a3ebced585
447feed7ecdb9ff0a9d1989b533a8be53b4cad398d6e428dc271de64956e0c95
44f1cd9c3c0f4fb19b3eb4b984bfbbe3a4a5750dbb86494d674941777a090414
45bd0cd9231ab533fee21e6b0534387c225ee6a52abbfe24d7218643ab628f08
47681c288066e7250f9c256dfb6d431e1985c6dded89eef186fe30b3ed4bc219
47d7ca288e7f47ac2ccf6594a39838f9e492138f64e302383944724e0f7f481f
48315b5f67940547ef1013c306f32b8798d18bcac1b3b2e9136abd6916ea82a4
4cb9a81af092e367ebcc83f1ba00b76d2ef75e69d734d53e4ae4ade6872e3b10
4e4a746af4be65e364ef0ff9f8bd0d502628f6f6dfb1ee0829d6aacc70c7d253
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
52cb3d448ecca364f956f7936bd685d2d1828686f3639ef2b58cc43da91286d0
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54a5f6b6e229bcae1a84f6c08614287d0770c96b7d2cfeffe9da6c6c90df2364
554c9e6cd4068435f54b6af8937c0c499dcdf008fea229d4139d17c1dad64bfc
5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0
573a9263c1ddb476b398e9cf33a574056cbd89c322acab1991701ea730dde614
5a1b32fb7f961ce3e67112121c149aa1bdb06e1ede8c7cfa84a952f3662055f1
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5a98e8d4abe0c964c1dae382af85d802ddfe798395b79adbc949d1979ba0fdb7
5cc925a803eea0cf13c9dbc56a885d897a93429a7982412fd0bac3653e36936d
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5e8db405aac45cd4f3b74e7c56042fc966303abf216700a5fa4f498c7e343ac8
5ea5af104f49606e74ce1fbf5801badb27acb27c52e368df7a84ce567f7540e3
5edac1b24c735b62fa26680ef34c95dfa4c155c0f36889013b691399e498ae0d
60111948f7ff6c6621b9183616896e465889d75bad2c797ad267aa2feedc3efa
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
623ba67fdee04abb38857d8cb22124da662ae2d95d1ce5033a4df0ddcd444031
62673d192d373a865458bff36d8e024667d3e7c6ebf792c57e95dec5c92b884a
631bd01ce8d20b31eae3f7ead1b3e9d0df293424ed4bfd45c12e0998972bb5e3
634c966cf0cdfc99a9b79f1be238884f537c57b89d4690de5d07bb01735249e1
6358c6ea8da1fcf2fc88c991a803c1a5f63b13247d7c546f1e3365ce17ec484d
636d6a41159082854f368156ad3f01978f76f7d7f79646dd5ac953836b14f09a
63b3b0895d22f399ffa028bc506dec49d423c55074528a0b0f647289f56c7bfc
6614eac161305e6201210710c158426c3b2ea6a4ef2c7da7fde5d236d10d0639
662651cf8f23a6234caf045af60843c07cb8c8730cf62edc886d3db4105defe8
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
696a93e45236b0d3674df0e012ed2581b36ca92473a5569d67542c94387ddf12
69b1a4ad76d94c74e81b6a1ab2669b72ac6e8dd4847e7f9f82b10a2184580517
69d6be8ea3ed63e26b60ba72b3fb686af47e1a91f94a2c18b79f40feae98153e
6bf4f2da8be9277d672112eb0c70c06e809264627b6922b4d481fbda583b5fb1
6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86
6e355c9865b51cabd36e2c8a45612af71b27b0e75eddcaf71969781de949fbe0
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
6ff03fb6ccd75de85960f6893743d3b0ab6a6627690024d895dba0b3f186b247
71108f84ae0221880a0b4d030ecc776881a87119a5ed972bf7b8a2c393a237ef
7203ea09edaa0d139ca3e93184c1b5bf8fd55a2e7e9a9f3490b66d1192ee08f8
744e13d0572159405f5d2ed9cef103e95e2c7b7e2d7f4e7110096886a858a616
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74a4dd0f298b5720ef3403e9e13da0078258c2d1d6bcddd53bde45cf2acdba44
768bfb8797dd876f4dd46d86d9a19bea257e116d1c7a0fa30041b3a7c452309a
7764415add5d4ce89244a6c6f4b0b97e9ee8472d15117c65a4314a1b116c5195
7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd
789497d06f53a6aa96cf981ee0e736ea376931749d9b803603faeec638ea5962
7915b57d17e2d7f11e1b4026bbce5c434f002d13854cf59caed717a47a1480dd
7b08eb7ee4c1627e249c7fdb354a4384f99eb5f2956c2f76726ad5c9138f410d
7b90d5a54119e4123c3eee1b826c10919109142bc819f30d8d81d58894c5045a
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d3aa84684a6ee8b4f5e58f8130a0ceba56ac7457e38bc016a20fcd599c61638
7d596db6a8097c3a10675c9176ada67e39e4dce2e6e16cb9fda9233765a68d48
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81820f1da3e942d6ec0034aa42e3e417c15dc787e44e14184ad48d6820374228
8231f4ac30ceb5e5981eb77f2fc9f6178c1ae2ad7dbbeec3878d4a05129f28a1
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
829ffa3929f94c38d2fe5c8772153a5293e343467e2437a2b6033d626ccb70a6
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836083579963a1d8793843a9cf770849a613296dd5621c78052291b74e5b2df7
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b
85c53261e9a822799495d1924321032d90912ddd5064e443908566de88a604b3
863546a1d85087063b9e40f29e04d8d27a82ad784733eea300c6ffaf4f45564e
866357e628c5d3a6df4f65a3ee96027a04e137b16f573bbb572cdd83d8aecaf7
86b46363ddf2969ae4cd4e4c090274c8536026505b68402caf1d1d61b442d5a5
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8a6a6f61762a1eee710848b2eba23ec589b9cadb4421c316c6f6259cc2e8ebf3
8b39b449a17045f6bb5867d270cf44ff0a063b377ecdb8e97d253a4241c0a291
8bea4d68f27a3f991a37172a4b5b9839e673d0d7858a0461b015633eda0aa6b7
8c5dcc91f3552df52e7ffb166b3664b7d92c2ea30c1034607e4ca2524996ea98
8dca189ac940b080a649201268fbf92d8c3801bba049ddb319d9a24ff8656708
8ddd89b4cb82159e5df50047b0294ab10d0fd43dea2437ad1ba1705819bb8b63
8f2e58f0dcda11bcfe8c64dc4bc156694a7c27d110efe50bbbac56738c6c46cc
8fe15fef12dc6001af0ffd0a5e0e230f2a793867fcc21c88b6aff710faabc7c8
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9347fe33d76936db0b551bfbf2b8a4d0f77e37f4a066848b8692738ac46d6adb
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339
94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834
96d52fe1220ce59bcb0ae8cb73f498df4d546a89cc51fb1daf48619a92852718
96ffec3c86050fe30342653e5195bc3a3d985792a69e4bbb9a32d6fcf12ce1c1
989bddac66b3270aa14cbc389e8c7868f11c483b98e54ee5d6a8c892a07fd8ad
9ad0e60f15847d8c347e26e1341d56098cf2603e3801be42745b40c297a207dd
9b668fd63cc9b73ab4e0efa6cfd227c62c244a95f54a6a98125ab2f869a87f1a
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90
9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0
9fb213a77eebf427a1830345beb8bd6821e855c32e8fdfc3c8ee335bf81edb31
a1060ccd00ac1a331996599f103841cf20abcbbdf1e2872273459c035f1a65c4
a10c24830347a8bbddb4ce07da337bae89f1fffc9a24a34bb006ddf58cc809b2
a1e9434f8fd9571b980e6beb487d4366899764501a8e36d6786b10dcc3bac3dd
a2a76c20abfc7b8b7082b366e91dca907e740d9ebd33e2fc2da9e02ac8b8125d
a423a40202e954a79683b3ab518239dcf0e3c2e1ea6a0c786824056ba8a42deb
a42a5cc638643be862a89da92c14367e7124da9fbe89a6200321dca51312a9f9
a48318a5693f53e553b5cf31728f63b87894dee6eb24e296e074a79101989362
a59183305b5edc165b30e0a9dd7d12e23c07aa0706c8a6e0bea700b772921067
a7e97fe8585caa7d9aa1290b6691913ae46e11cbc238b3d842bc483c1648b3c8
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce
ac5aeae4a76c65b8ac7b2fbd11a82d232e8b82f5672e81b7dc4bc4ac8ac6cc58
ad1693db739adc2b7dbd446a33bc0f5084b8b3431c3255148102c9df0410126e
ad87a0de6b08de9c68d86a0cf81ad41d6c38aefe1447a7583425a835f14d8820
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e
b013b37458bfa64631962f01483797b25b0310ca023d6431f4f894a28b6372a4
b23ab750c414b1284278225e6e705748609f97bfaab5f697405c9b458d86a64f
b247cebe9f4ea300b293e46d77920a3027a7b2ca9b160434e25501f0fb49492f
b32af80381c2d348f1564936b85fd5d0dafca7b15b9c5e019326743e8a11b1a5
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b34ca706fcd7fc081a57893b1482040ef1f406ceac62d9d00599c8f143b02460
b3ddcffbf7535d59a7af792ec9e42acec4ec3d0c37ce9541ce8355cf63a64311
b45e9bc18f046ea7a3745b21d9a65f07dcdbcc829c96995ba8240aff9f2b0f33
b461ccc36d99fdda246cc283a4854fe2563a34e0a6f2fb60757938663e5eacf5
b4ca3306002fdea20ea5beed011f36e76ea935ac16099a64ad9de314203d9420
b6bdeec47f3b08de017d399bca661bc9c08745f752079597a7e9f3abcf749dad
b754f2bfa5ba5c8eab6b26426aab7443da1afc79cd2b180d2ddb114a63857bf9
b8bd6b641e48a4967dfe5ebcf0509aa6bb54b8b68cf99e6dcef36247158efc18
b99ed6702d19c0d38db8b116cd48ef71372615dd2f22099118f2736464d58900
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbd1aab0969e2d252ca99e52a06cb29f73b6d3532d967a577ed98a3782e4e1b1
bc9beab5890f65386d7f1aeddfbb9c9144fa79c09da7afda82cce10326c76467
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c0646e2585b5f3d0af31352fb81fc58d51f7a996d04b1ac6d8ff0fff79946e09
c210e58ef5e0d448c8502bbb5c574c0f3725b3c7997467f832c9fae641493b92
c2b205bc9795a985bcb724634de579ea1e0a4fb886fd0a8e795c127341115153
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c445ec7d04dbd970790138d537cbfc7a3378e1137acbc0a03f05eda28bc3d7e8
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
c5eb88d7bf8b356ab9267ff84ea84380f14f10dadce7cea5362890fb47aa7fc7
c60cef55163e400a5fa224f5665af48c64c87c890248583c29fbf1d2c38827f3
c6e7a125f2d9f74e2da4971e0759694a73dbfc0814177959f4ae7379e5d02f2a
c702e8e81df3c39eae86a183d228d1bb65f7347356c58db7bc06f4bd9a3d184a
c71ba4d7392f4564229904745ba626b8bd32b309d6c434d6fc53f2e8f69b277b
c788704357247ed3f06edc457e364797fbaece92d2ceb73cb41c1d308be984ca
c80d48025a26a4f0bbdf1ddc9c39946249aa90a97518b7c290e98ef0b67954ce
c8abda32c751d75594cb63aeb028346ebcdaef359e6ed6e4daca5534c912656a
c91462cbf9d333da32ddd60f8ee59c6c22d6b84960ee50e8fd5896756c13b992
c9b780e3ca9f0235522a7c18affca0a298ab0688d6549cd024ba5e49b2aa053d
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
ca10b457c2c0288d3a645291f6328f4c9be428c7f60572a517e1c183432fe777
cbac437ebe13315ccb3303a53280abc3b6dace96fb03614e0fc448227ed7ccc4
cc539f72f46292630397e77daa65b6a239d367fa26380ed477b8336f172ea545
cce87f6d90c5ac3996c4807c524fb75ca6ff63d5eef416084424d272f268353b
ce8599e6ac44e9c37e9e9447e9e0cfef10ebfbe017f851af4117b7c87aae242c
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfad9109f4403206c55334e205956bbbfb7268900d7440e8f1a5a1222ba1e0d2
cfbd9ed57a58c3bd76cac990344ca67a108bf213f4e34454d6c6b7eae0d11892
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d
d063569a76709d97f4eade8e0099f3d85798e392cd41e39d4e93258f2839a23b
d0711d54fa0ac5d5b783bbc9d21c919a5b98bcb7154941fb068cc4321ac94f90
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a
d3b8f02aafe9fa6ddd5ed1e5adb03185180abdddccadf3c00b56315361b93600
d3ebec5a8d8533c78a180976aae60b1c8ec9905f04e1cff4e2fde894eb054b2e
d3fbc0d72bb02d5ecccb9cbfa7db8a22330064c87cff62ccf3bdfb777c85a5b5
d40171a52263c06956f85e7c1729824440461ec3af40390b4a82ac35c8d56078
d44b93a0af159f0d547d7ec89e9227a5667ce1171bc630e6fbf79dae0e596e2d
d5d887f9fb82e87e50d830d07dcbb0b25e018d90ffba63d250a679f9dfa084a7
d7087df0ce71e001e7322e421c9b676df05f74ab8f5e19762988289a094b68d9
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
db0dd5af93ba9a9251ce993a585c6aeb7dc76af839a403baaf4a8aee6101ad71
db90d738b170372e5d64d4eb73f3cc43af957cfef573bc4cbba9f29ceceeebd5
dd4da4423cb55a185907f82557e5df93047f760abd833dcf65b0f7f4eb1533e2
df4a0b146899250b37089ae4e772aebc25b0185aec48356f6c875e6370d0c664
e0a13ccca1b02b55a8ad4c8d4bcd03614adfa5632639d37d53d98dcc104b6289
e1a5117a62e1aa056b0e776765ac8946098c16ffe9d05b18b95b4551db268ae7
e271892e6254ce70eedb71b12b7d59c329c0bf691b1dd12e004df69d3c59f86b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f24b56b7437da2e8c634fae74aae601398104115d1cb36252f2532e1b6a2ba
e43939dee38241caf8e3d3c0a448c4727f9fb14bc0ebab4b206a5c9bbe6beb6d
e5036288354f35c0db33cd193f2bb7f91b0ab7c2c38dc570a727cbf22c3116d4
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
e62255e1fc17b4841a0b4d86901c25c68b92e1afbfde316ebae6f05158103176
e70a25fb0b14a5bc493ef39826bdd736e8b08de39e4c8e74c45116c823ffdc13
e81e5e66998f1c13eb234f06c4f6e8899742fae9004e0edaba262eb83fef817e
e864c078ca96f8563b4c767790346df39b7bd8f8d8cb1b418c314a1617647bac
e92af92d78628c5d32cceb0efb098a107fee4007f50a8ce7de7d8dcc03d32703
ea7cc8b7d8c467c9bd9626911e2d69c6fd773cf4e3a9d62b6e60d6054f5b17d3
eaaba2b310c57592f2004b09fc5d6a32a7b6c49f2576937078e68210384cdad6
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ee57bafd312f2b764b2692fb483954dab38811fc14d58c896761ae1a008c4c61
ee6f056ce4b3cb3f32104abaf004f4d436d2dc86efb0a72ed097df328b6d0860
ee927c0f8febd54d8dc95a7f74b6aafc749477b15872f5b303162dc477269e34
ee98dab003a387bef34ab9ad230c6093ac561bf3c2e2633be5ecca40c891fb6b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef713c2cf98c2f3b6e76ecdb4ede534b447a8d78fc4d2fd0064b8ab9b67b4c31
f28a8129c4b601ef919fcd907eb0f05bf9d6f2b8f183fbb50b1e208973710988
f54f8d66d10d78105505d3e943182f25a13dddf41b3da86bd68e53cb7b78b00a
f669d4dcd7c10aa6dee1c64c0b7f2820e9fc678f345cbe9b5f37b65a57806f8d
f6ccdf1f95878094583ec5a2d4ae16076f928c56ba681a595afdb5fb54822200
f89b872b09eb62a3605c4beb314af7466ff5744817464229ba4dc54a35ccb025
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
f9d4509685a6b30c3a126508fca5f73213e6005e643ce22a2d8280996e03e7a2
fcea85292584ce2fdfc3391dd6d5213a6406af0402c3b591eb8a9c744d048137
fd507b0b8a80a4b3bfd5a80937e47d103ac5c96b254ef0f2629278225c074009
fe8a3085da8e29286d2cbcae22b88c63fd2cc03ac6e33cadafba75cf15303745
fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387
ff793d5167b15ff54b84c34e54c3c8d0004d2ef2505c3921f4d00448a1c8a3a8

www.bleepingcomputer.com Open in urlscan Pro 104.20.60.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

537 Requests

94 %HTTPS

34 %IPv6

45 Domains

74 Subdomains

66 IPs

6 Countries

4852 kBTransfer

17260 kBSize

19 Cookies

13 Outgoing links

Page URL History

Redirected requests

537 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209 Public Scan

Screenshot
Live screenshot

Full Image

537
Requests

94 %
HTTPS

34 %
IPv6

45
Domains

74
Subdomains

66
IPs

6
Countries

4852 kB
Transfer

17260 kB
Size

19
Cookies

537 HTTP transactions
7 data transactions