news.sophos.com Open in urlscan Pro
2a04:fa87:fffd::c000:42c8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blogs.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt//
Effective URL:
https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Submission: On September 15 via api (September 15th 2020, 9:32:33 pm UTC) from US

Summary HTTP 58 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 25 IPs in 6 countries across 22 domains to perform 58 HTTP transactions. The main IP is 2a04:fa87:fffd::c000:42c8, located in Ireland and belongs to AUTOMATTIC, US. The main domain is news.sophos.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 14th 2020. Valid for: 3 months.

This is the only time news.sophos.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 22	2a04:fa87:fff... 2a04:fa87:fffd::c000:42c8	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE)
2	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	23.211.153.132 23.211.153.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a02:26f0:10c... 2a02:26f0:10c:58e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1 3	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	104.103.81.108 104.103.81.108	16625 (AKAMAI-AS) (AKAMAI-AS)
1	143.204.201.29 143.204.201.29	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
1	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	143.204.201.74 143.204.201.74	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.185.203 52.49.185.203	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.201.111 143.204.201.111	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
58	25

22 2a04:fa87:fffd::c000:42c8 (Ireland) 2 redirects

ASN2635 (AUTOMATTIC, US)

blogs.sophos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
news.sophos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.211.153.132 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-211-153-132.deploy.static.akamaitechnologies.com

www.sophos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:58e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.103.81.108 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-103-81-108.deploy.static.akamaitechnologies.com

img03.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.29 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-29.fra53.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.74 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-74.fra53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.185.203 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-185-203.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.111 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-111.fra53.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.20 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	sophos.com 2 redirects blogs.sophos.com news.sophos.com www.sophos.com	821 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	19 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
2	nr-data.net bam.nr-data.net	457 B
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	facebook.com www.facebook.com	460 B
2	google.de www.google.de	644 B
2	google.com 1 redirects www.google.com	711 B
2	licdn.com snap.licdn.com	3 KB
2	facebook.net connect.facebook.net	166 KB
2	bing.com bat.bing.com	8 KB
2	wp.com stats.wp.com pixel.wp.com	3 KB
2	gravatar.com secure.gravatar.com	5 KB
2	googletagmanager.com www.googletagmanager.com	67 KB
1	twitter.com analytics.twitter.com	651 B
1	newrelic.com js-agent.newrelic.com	11 KB
1	t.co t.co	448 B
1	googleadservices.com www.googleadservices.com	12 KB
1	demandbase.com scripts.demandbase.com	16 KB
1	en25.com img03.en25.com	3 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
58	22

	Domain	Requested by
21	news.sophos.com	1 redirects news.sophos.com
6	www.sophos.com	news.sophos.com
3	stats.g.doubleclick.net	1 redirects news.sophos.com
2	bam.nr-data.net	js-agent.newrelic.com
2	segments.company-target.com	1 redirects news.sophos.com
2	match.prod.bidr.io	2 redirects
2	px.ads.linkedin.com	1 redirects news.sophos.com
2	www.facebook.com	news.sophos.com connect.facebook.net
2	www.google.de	news.sophos.com
2	www.google.com	1 redirects news.sophos.com
2	snap.licdn.com	news.sophos.com snap.licdn.com
2	connect.facebook.net	news.sophos.com connect.facebook.net
2	bat.bing.com	news.sophos.com
2	secure.gravatar.com	news.sophos.com
2	www.googletagmanager.com	news.sophos.com www.googletagmanager.com
1	analytics.twitter.com	static.ads-twitter.com
1	js-agent.newrelic.com	news.sophos.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	api.company-target.com	scripts.demandbase.com
1	www.linkedin.com	1 redirects
1	t.co	news.sophos.com
1	www.googleadservices.com	www.googletagmanager.com
1	pixel.wp.com	news.sophos.com
1	scripts.demandbase.com	news.sophos.com
1	img03.en25.com	news.sophos.com
1	static.ads-twitter.com	news.sophos.com
1	stats.wp.com	news.sophos.com
1	blogs.sophos.com	1 redirects
58	28

This site contains links to these domains. Also see Links.

Domain
www.sophos.com
secure2.sophos.com
twitter.com
www.facebook.com
www.linkedin.com
blogs.sophos.com
nakedsecurity.sophos.com
www.instagram.com
www.youtube.com
wpvip.com

Subject Issuer	Validity	Valid
news.sophos.com Let's Encrypt Authority X3	`2020-09-14` - `2020-12-13`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
www.sophos.com GlobalSign Extended Validation CA - SHA256 - G3	`2020-05-29` - `2022-05-30`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.en25.com DigiCert SHA2 Secure Server CA	`2020-08-13` - `2021-11-12`	a year	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-09-09` - `2021-05-07`	8 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Frame ID: 811EE8D283353C1A95661E52EC2AD23E
Requests: 67 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://blogs.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt// HTTP 301
https://news.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt// HTTP 301
https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Page Statistics

58
Requests

100 %
HTTPS

50 %
IPv6

22
Domains

28
Subdomains

25
IPs

6
Countries

1140 kB
Transfer

2365 kB
Size

15
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sophos.com/en-us.aspx
Title: Sophos News

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/products.aspx
Title: Products

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/solutions.aspx
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/partners.aspx
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/support.aspx
Title: Support

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/company.aspx
Title: Company

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/products/free-trials.aspx
Title: Free TrialsAll product trials in one place.

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/products/free-tools.aspx
Title: Free ToolsTry our tools for use at home.

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/products/request-a-quote.aspx
Title: Get PricingThe right price every time.

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/search-results.aspx
Title: Search

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/login.aspx
Title: Sign In

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/company/press.aspx
Title: Press

Search URL Search Domain Scan URL

URL: https://secure2.sophos.com/en-us/company/events.aspx
Title: Events

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/company/community.aspx
Title: Community

Search URL Search Domain Scan URL

URL: https://secure2.sophos.com/en-us/company/careers.aspx
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/company/contact.aspx
Title: Contact

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?text=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20https%3A%2F%2Fnews.sophos.com%2F%3Fp%3D30498
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://news.sophos.com/?p=30498&title=The%20current%20state%20of%20ransomware:%20TeslaCrypt
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-current-state-of-ransomware.pdf?la=en
Title: current state of ransomware

Search URL Search Domain Scan URL

URL: https://blogs.sophos.com/2015/12/17/the-current-state-of-ransomware-cryptowall/
Title: CryptoWall

Search URL Search Domain Scan URL

URL: https://blogs.sophos.com/2015/12/23/the-current-state-of-ransomware-torrentlocker/
Title: TorrentLocker

Search URL Search Domain Scan URL

URL: http://blogs.sophos.com/2015/12/31/the-current-state-of-ransomware-ctb-locker/
Title: CTB-Locker

Search URL Search Domain Scan URL

URL: http://blogs.sophos.com/2015/07/21/a-closer-look-at-the-angler-exploit-kit/
Title: Angler exploit kit

Search URL Search Domain Scan URL

URL: https://nakedsecurity.sophos.com/2015/03/16/teslacrypt-ransomware-attacks-gamers-all-your-files-are-belong-to-us/
Title: related to dozens of games

Search URL Search Domain Scan URL

URL: http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx
Title: Free Virus Removal Tool

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/products/next-gen-firewall.aspx
Title: Install a firewall

Search URL Search Domain Scan URL

URL: http://nakedsecurity.sophos.com/
Title: Mark Stockley

Search URL Search Domain Scan URL

URL: https://secure2.sophos.com/en-us/products/demos.aspx?cmp=70130000001xKqzAAE
Title: Learn More

Search URL Search Domain Scan URL

URL: https://www.facebook.com/securitybysophos

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sophossecurity/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sophos

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/company/rss-feeds.aspx

Search URL Search Domain Scan URL

URL: https://twitter.com/Sophos

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SophosProducts

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/company/careers.aspx
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/partners/partner-locator.aspx
Title: Find a Partner

Search URL Search Domain Scan URL

URL: https://secure2.sophos.com/en-us/support.aspx
Title: Support

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/threat-center/technical-papers.aspx
Title: Technical Papers

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/security-news-trends/whitepapers.aspx
Title: Whitepapers

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/legal.aspx
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/legal/cookie-information.aspx
Title: Cookie Information

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/legal/modern-slavery-act-transparency-statement.aspx
Title: Modern Slavery Statement

Search URL Search Domain Scan URL

URL: https://wpvip.com/?utm_source=vip_powered_wpcom&utm_medium=web&utm_campaign=VIP%20Footer%20Credit&utm_term=news.sophos.com
Title: WordPress.com VIP

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blogs.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt// HTTP 301
https://news.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt// HTTP 301
https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1861709064&utmhn=news.sophos.com&utme=8(4!CampaignID)9(4!70130000001xKqzAAE)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&utmhid=1453327092&utmr=-&utmp=%2Fcorpblog%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&utmht=1600205536985&utmac=UA-737537-1&utmcc=__utma%3D1.587782235.1600205537.1600205537.1600205537.1%3B%2B__utmz%3D1.1600205537.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1023186070&utmredir=3&utmu=q1CAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-737537-1&cid=587782235.1600205537&jid=1023186070&_v=5.7.2dc&z=1861709064 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-737537-1&cid=587782235.1600205537&jid=1023186070&_v=5.7.2dc&z=1861709064&slf_rd=1&random=3046547158

Request Chain 55

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=461060&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&time=1600205537041 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D461060%26url%3Dhttps%253A%252F%252Fnews.sophos.com%252Fen-us%252F2016%252F01%252F06%252Fthe-current-state-of-ransomware-teslacrypt%252F%26time%3D1600205537041%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=461060&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&time=1600205537041&liSync=true

Request Chain 57

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAE5rU6-wmYAAA-0b8ry6g HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAE5rU6-wmYAAA-0b8ry6g&verifyHash=ef3efcb1e172f66c3a88ea446dc1a02cafba79f4

58 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Redirect Chain

https://blogs.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt//
https://news.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt//
https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

63 KB
18 KB

855ms
854ms

Document
text/html

2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

969302896de138ee81bfde4ef9fb5249d6db631aec20c162d9f1d2dfb5c37f09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: news.sophos.com
:scheme: https
:path: /en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: nginx
date: Tue, 15 Sep 2020 21:32:16 GMT
content-type: text/html; charset=UTF-8
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://news.sophos.com/wp-json/>; rel="https://api.w.org/" <https://news.sophos.com/wp-json/wp/v2/posts/30498>; rel="alternate"; type="application/json" <https://news.sophos.com/?p=30498>; rel=shortlink
content-encoding: gzip
x-rq: fra2 98 163 3119
cache-control: max-age=300, must-revalidate
age: 0
x-cache: miss
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=31536000

Redirect headers

status: 301
server: nginx
date: Tue, 15 Sep 2020 21:32:15 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
host-header: a9130478a60e5f9135f765b23f26593b
x-redirect-by: WordPress
location: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
x-rq: fra2 103 26 3212
cache-control: max-age=300, must-revalidate
age: 0
x-cache: miss
strict-transport-security: max-age=31536000

GET
H2 200 /
news.sophos.com/_static/ 455 KB
198 KB 7ms
6ms Stylesheet
text/css 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

36e4be0e26943972be000cccd4db7ba6a5d4f3b7af04c8ace72a99ac5be77e61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
x-rq: fra2 101 21 3083
last-modified: Fri, 04 Sep 2020 12:11:48 GMT
server: nginx
age: 658808
vary: Accept-Encoding
x-cache: hit
content-type: text/css;charset=utf-8
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 202683

GET
H2 200 / Show response
news.sophos.com/_static/ 118 KB
41 KB 8ms
8ms Script
application/x-javascript 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-migrate-1.4.1-wp.js?m=1599545729j

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a1b2c9977dc8804fbb95b11043288b73b3a407db929182d7529e96f6bc6cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
x-rq: fra2 100 193 3088
last-modified: Sat, 05 Sep 2020 00:32:18 GMT
server: nginx
age: 658809
vary: Accept-Encoding
x-cache: hit
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 41634

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 83 KB
32 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L6H3LN&gtm_auth=d5XceCG5H_eblswmMfURjQ&gtm_preview=env-2&gtm_cookies_win=x

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2bb32be5b60befc49f5a613d57e2f1e9da6b51005c2b87bc1607c9378cc42a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: br
vary: *
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32574
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 wp-emoji-release.min.js Show response
news.sophos.com/wp-includes/js/ 14 KB
5 KB 6ms
6ms Script
application/x-javascript 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 1209122
x-cache: hit
status: 200
content-length: 4721
x-rq: fra2 103 20 3279
last-modified: Tue, 01 Sep 2020 19:10:01 GMT
server: nginx
etag: W/"5f4e9c89-37a6"
strict-transport-security: max-age=31536000
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 footer.css
news.sophos.com/wp-content/themes/sophosnews-2017/ 3 KB
1015 B 6ms
6ms Stylesheet
text/css 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/footer.css

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

29e135bc96ba3ec4a643931a8ef458e48aa372894da5c635433993ea961ab7ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 16486929
x-cache: hit
status: 200
content-length: 880
x-rq: fra2 103 32 3127
last-modified: Fri, 06 Mar 2020 19:04:16 GMT
server: nginx
etag: W/"5e629eb0-a6e"
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f81f3b44c5da8f8b9b365294b2146763d666b9f445e1b2285466910d5361cec5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 435 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 011ee00e2221fd2994156f01b85251391099270cc849857806d6a249481c90ff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 342 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0348edeb29dc1accfecb54a863c8597ea124c1ab9f1a38f3b9e12e953364a05

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 518 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1875cad468466b9b4ea2ebd196b8969f905ab31c20cd5e0a0c2da9b37fa12095

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8fa9e46358747cc949be0709256687b7ac1f8fd295f0de4073b11a41c534b62

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 469 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04029edaf619462965453e8ac9cf74c584b1ef526c95f71185acc63a696b7f1c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 665 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2792fa9c99f81eaf3035f2ba7634dd84f42526df8a1f31196912de7e55c815e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 349 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f510f8a21c09db2bb8f964b3e424fce6a77aea73ac791e9c0c6b8b238405366

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 515 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 633210530499824ad06b2b30a04a9ee18b4b8e2071620691a58c9a476dc728b9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 SophosSans-Regular.woff2
news.sophos.com/wp-content/themes/sophosnews-2017/fonts/ 24 KB
25 KB 94ms
93ms Font
application/font-woff2 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/fonts/SophosSans-Regular.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1da7a3d76f2fd71ba637d968b49556520ee94d72a5b60a5d21f34f5e4029ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://news.sophos.com
Referer: https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
vary: X-Mobile-Class, X-Query-Args, Accept-Encoding
age: 0
x-cache: miss
status: 200
content-length: 25020
x-rq: fra2 103 26 3212
last-modified: Tue, 08 Sep 2020 06:12:56 GMT
server: nginx
etag: "5f5720e8-61bc"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 SophosSans-Light.woff2
news.sophos.com/wp-content/themes/sophosnews-2017/fonts/ 25 KB
25 KB 7ms
6ms Font
application/font-woff2 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/fonts/SophosSans-Light.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f4a2fb1bd486b246823cfb9750f25a4323a8f74c23968d4a6fcdd96a65511631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://news.sophos.com
Referer: https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
age: 1564
x-cache: hit
status: 200
content-length: 25316
x-rq: fra2 102 67 3183
last-modified: Tue, 08 Sep 2020 06:35:58 GMT
server: nginx
etag: "5f57264e-62e4"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 SophosSans-Medium.woff2
news.sophos.com/wp-content/themes/sophosnews-2017/fonts/ 26 KB
26 KB 7ms
7ms Font
application/font-woff2 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/fonts/SophosSans-Medium.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d1fabd20a67738775bb84fda3b230d2f007a2c3a6629d327bc8ab4312cb5c0fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://news.sophos.com
Referer: https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
age: 1564
x-cache: hit
status: 200
content-length: 26532
x-rq: fra2 103 26 3212
last-modified: Tue, 08 Sep 2020 06:12:56 GMT
server: nginx
etag: "5f5720e8-67a4"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 SophosSans-Semibold.woff2
news.sophos.com/wp-content/themes/sophosnews-2017/fonts/ 26 KB
26 KB 94ms
94ms Font
application/font-woff2 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/fonts/SophosSans-Semibold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f927844e8c953560f5a67112c5dfaab926df93df57f3d8cd062028f1ca80b530

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://news.sophos.com
Referer: https://news.sophos.com/_static/??/wp-includes/css/dist/block-library/style.min.css,/wp-content/themes/sophosnews-2017/style.css,/wp-content/mu-plugins/jetpack/css/jetpack.css?m=1599545724
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
vary: X-Mobile-Class, X-Query-Args, Accept-Encoding
age: 0
x-cache: miss
status: 200
content-length: 26664
x-rq: fra2 98 163 3119
last-modified: Tue, 08 Sep 2020 06:15:24 GMT
server: nginx
etag: "5f57217c-6828"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 ransomware-150.png
news.sophos.com/wp-content/uploads/2015/12/ 13 KB
13 KB 7ms
6ms Image
image/png 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2015/12/ransomware-150.png

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d341d89443ab872198883ea3d22bd2db8028cebbe4843b8b37e3a62bb2a814e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 84 443
last-modified: Wed, 28 Aug 2019 19:17:37 GMT
server: nginx
etag: "ef9a4cf2c58f4ab6"
strict-transport-security: max-age=31536000
x-cache: HIT
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 13405
expires: Mon, 06 Sep 2021 12:03:16 GMT

GET
H2 200 figure-1-teslacrypt-obfuscated-landing-page-script.png
news.sophos.com/wp-content/uploads/2016/01/ 39 KB
39 KB 7ms
7ms Image
image/png 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2016/01/figure-1-teslacrypt-obfuscated-landing-page-script.png

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3d2fe81d7dbbf9a8f758c2520843171ed6d54cb014b2100349c0e59e2c8c2676

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 139 443
last-modified: Wed, 28 Aug 2019 19:17:04 GMT
server: nginx
etag: "cef8e20b0ea31bc0"
strict-transport-security: max-age=31536000
x-cache: HIT
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 40057
expires: Mon, 13 Sep 2021 20:30:47 GMT

GET
H2 200 figure-2-teslacrypt-deobfuscated-landing-page-script.png
news.sophos.com/wp-content/uploads/2016/01/ 49 KB
49 KB 8ms
7ms Image
image/png 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2016/01/figure-2-teslacrypt-deobfuscated-landing-page-script.png

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dcd87803fd9545536f05ebb671e522e61a8be5816011ea88e202bb42b9f90fff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 32 443
last-modified: Wed, 28 Aug 2019 19:17:09 GMT
server: nginx
etag: "fcad33d4d152902f"
strict-transport-security: max-age=31536000
x-cache: HIT
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 50364
expires: Mon, 13 Sep 2021 20:30:47 GMT

GET
H2 200 figure-3-teslacrypt-file-extension-lists.png
news.sophos.com/wp-content/uploads/2016/01/ 170 KB
170 KB 9ms
8ms Image
image/png 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2016/01/figure-3-teslacrypt-file-extension-lists.png

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

eb603e59ae7ad444d11bc6dbd3f648596ffc8eac7d43707db47d09ca1782055d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 83 443
last-modified: Wed, 28 Aug 2019 19:17:30 GMT
server: nginx
etag: "3620f540cd695b4c"
strict-transport-security: max-age=31536000
x-cache: HIT
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 174028
expires: Mon, 13 Sep 2021 20:34:19 GMT

GET
H2 200 avatar-one.png
news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/ 2 KB
2 KB 13ms
9ms Image
image/png 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-one.png

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ea0f02941083c346295eddf8118ad8f439fbb06eeb5da4d26ec180b228c0b110

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 96 217 3228
last-modified: Sat, 08 Aug 2020 13:48:52 GMT
server: nginx
age: 1263277
etag: "5f2ead44-6b3"
strict-transport-security: max-age=31536000
x-cache: hit
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1715
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 9dc9c4f274c3087c15eadd281503db84
secure.gravatar.com/avatar/ 3 KB
3 KB 292ms
261ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/9dc9c4f274c3087c15eadd281503db84?s=60&d=blank&r=g
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 27f3ebb3b019c5a4cf97abd557db1c1036aacb8e5132e2a48e1e1e0762d7bd2a

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS ams 4
date: Tue, 15 Sep 2020 21:32:17 GMT
last-modified: Wed, 08 Jun 2016 17:04:40 GMT
server: nginx
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="9dc9c4f274c3087c15eadd281503db84.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/9dc9c4f274c3087c15eadd281503db84?s=60&d=blank&r=g>; rel="canonical"
content-length: 2661
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 avatar-two.png
news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/ 2 KB
2 KB 13ms
10ms Image
image/png 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-two.png

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6a71b6aa693b3084d28e6dfd65755fe543c24278fac68b175b3b5fcdda059577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 102 109 3128
last-modified: Thu, 02 Jul 2020 12:09:55 GMT
server: nginx
age: 2066434
etag: "5efdce93-637"
strict-transport-security: max-age=31536000
x-cache: hit
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1591
expires: Wed, 15 Sep 2021 21:32:16 GMT

GET
H2 200 4a3accc0a742c1ee09af28a5dc893fa5
secure.gravatar.com/avatar/ 2 KB
3 KB 41ms
11ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/4a3accc0a742c1ee09af28a5dc893fa5?s=60&d=blank&r=g
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5542bcaca2f9b076bb91f03722895b63a4f141920253194dcf3472e7b5740304

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Tue, 15 Sep 2020 21:32:16 GMT
last-modified: Tue, 03 Jan 2012 22:32:08 GMT
server: nginx
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="4a3accc0a742c1ee09af28a5dc893fa5.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/4a3accc0a742c1ee09af28a5dc893fa5?s=60&d=blank&r=g>; rel="canonical"
content-length: 2363
expires: Tue, 15 Sep 2020 21:37:16 GMT

GET
H2 200 facebook-icon.svg
www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/ 600 B
751 B 340ms
189ms Image
image/svg+xml 23.211.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/facebook-icon.svg?la=en&hash=1CA0A5A0E9C9999E7E079A5D32C86E9BF9C7AD1E

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.211.153.132 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-211-153-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

c87eb0c349fe4518e3ffd3d05b3f43f90d4f8709eb7f9924e74e858a6efdb6ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400
content-encoding: gzip
x-content-type-options: nosniff
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=57
content-length: 395
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 26 Nov 2018 11:34:25 GMT
x-frame-options: SAMEORIGIN
date: Tue, 15 Sep 2020 21:32:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=300
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 instagram-icon.svg
www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/ 2 KB
1 KB 480ms
329ms Image
image/svg+xml 23.211.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/instagram-icon.svg?la=en&hash=2B50C2B67C3023D9E7D4E1C3A16401EAD8F10F76

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.211.153.132 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-211-153-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

9f67d83d034c658809bf7a06ff6d74a417ea25a0005f4561abd5254652b6d7c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400
content-encoding: gzip
x-content-type-options: nosniff
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=195
content-length: 990
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 26 Nov 2018 11:37:54 GMT
x-frame-options: SAMEORIGIN
date: Tue, 15 Sep 2020 21:32:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=300
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 linkedin-icon.svg
www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/ 923 B
873 B 667ms
516ms Image
image/svg+xml 23.211.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/linkedin-icon.svg?la=en&hash=B6D5378C1E1A16F239A4C862EAE3499B8EC1F3F9

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.211.153.132 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-211-153-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

c6f378c4d31ede24622009dc2d5e85386926ea9881e94326252146bff0fd5110

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400
content-encoding: gzip
x-content-type-options: nosniff
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=389
content-length: 516
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 26 Nov 2018 11:36:13 GMT
x-frame-options: SAMEORIGIN
date: Tue, 15 Sep 2020 21:32:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=300
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 rss-icon.svg
www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/ 461 B
661 B 350ms
200ms Image
image/svg+xml 23.211.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/rss-icon.svg?la=en&hash=76C4DAFD331DC675814191A66794A778D8C6DCF7

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.211.153.132 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-211-153-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

b7c9fd97a3a7165755766cd3ba55676f6505642b8c522d89d6f0ab0cabaaa8d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400
content-encoding: gzip
x-content-type-options: nosniff
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=42
content-length: 305
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 26 Nov 2018 11:36:16 GMT
x-frame-options: SAMEORIGIN
date: Tue, 15 Sep 2020 21:32:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=300
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 twitter-icon.svg
www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/ 1 KB
938 B 335ms
185ms Image
image/svg+xml 23.211.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/twitter-icon.svg?la=en&hash=9A90D9F99ABE6454741BBAAF9C3FB6966624C92D

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.211.153.132 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-211-153-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

52600b30637371871a7d5d50ba86cb9a29ad65d75a78824b4daba442c4eee113

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400
content-encoding: gzip
x-content-type-options: nosniff
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=32
content-length: 582
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 26 Nov 2018 11:36:19 GMT
x-frame-options: SAMEORIGIN
date: Tue, 15 Sep 2020 21:32:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=300
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 youtube-icon.svg
www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/ 792 B
782 B 337ms
187ms Image
image/svg+xml 23.211.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sophos.com/en-us/medialibrary/SophosNext/Images/Navigation/Footer/youtube-icon.svg?la=en&hash=CCCF647AFA78C8DB74D654DB9FEFBF0AC54F42D3

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.211.153.132 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-211-153-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

0ce7b19357902318f5e2db207e64647d6a78d7f9f620ef55a8a07ad2f8e6d798

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400
content-encoding: gzip
x-content-type-options: nosniff
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=19
content-length: 426
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 16 May 2019 15:01:23 GMT
x-frame-options: SAMEORIGIN
date: Tue, 15 Sep 2020 21:32:17 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=300
expires: Tue, 15 Sep 2020 21:37:17 GMT

GET
H2 200 / Show response
news.sophos.com/_static/ 140 KB
40 KB 10ms
8ms Script
application/x-javascript 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://news.sophos.com/_static/??-eJyVkMEOgyAMhl9owDQa42HZoywMO0UpEApze/uxGJMddpCkl/79vjapWD1TzkawUcQJEEiQ85MjCyux+lx1YqZcGXKLBvasec2rHPAt4DOdxKEdyoUCGl4xSDrObxFPUZtyS0n0Uo+2WPQyRAuh2BtlsfLNdklbZdIAtL0VMS9gAbx5c9T2H5RbwDsMv/P9MibmTRq1JSEXTQhR3LIrHi5gZq94qdq+b5u2q5v5A22+yiE=

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e9a31f77d1d0d5c2e091af55a9e5b3f7cb34db8398e145819a351a9a6de8481b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
x-rq: fra2 101 48 3089
last-modified: Tue, 08 Sep 2020 06:17:47 GMT
server: nginx
age: 658808
vary: Accept-Encoding
x-cache: hit
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 41155

GET
H2 200 e-202038.js Show response
stats.wp.com/ 9 KB
3 KB 93ms
30ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202038.js
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 12 Sep 2021 22:41:20 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 35ms
20ms Script
application/javascript 2a00:1450:4001:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-743773256

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L6H3LN&gtm_auth=d5XceCG5H_eblswmMfURjQ&gtm_preview=env-2&gtm_cookies_win=x

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ab79aafb00f94ca5a773fe1641f8f34c073d2de776c48e89c73985ee0a52483d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35647
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 21:10:35 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Sep 2020 21:32:16 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 26 KB
8 KB 28ms
28ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref: Ref A: D9CD69C2F58649F5B62B24CC937DEC0B Ref B: FRAEDGE1506 Ref C: 2020-09-15T21:32:16Z
status: 200
etag: "0e0bdafab5bd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8022

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: n/rdsKte6O287LZtFwJkz9cRI0pGzBmFlPzKwL6NJEqWuKqwx7Lh1E1luHF7Jme8uZcN+MZN9Or6A0h8s7VzmQ==
x-fb-trip-id: 2042748335
x-frame-options: DENY
date: Tue, 15 Sep 2020 21:32:16 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
760 B 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: a53296dca2db04589f7fd86e7285e37c2c9d0a0270b494bc8d8182efe11d56f7

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 15 Sep 2020 21:32:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Sep 2020 19:29:40 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=79353
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 447

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 98ms
31ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
content-encoding: gzip
age: 86399
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4081-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1600205537.964647,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 TDR-main.png
news.sophos.com/wp-content/uploads/2020/09/ 45 KB
45 KB 7ms
6ms Image
image/webp 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2020/09/TDR-main.png?w=640

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d2563662c14dad7e3ddf773a730097ee49e4a5d1034dee268c3b526eb9fedcd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 200 443
last-modified: Fri, 04 Sep 2020 01:41:56 GMT
server: nginx
etag: "3f50d1abd797f60a"
vary: Accept
x-cache: HIT
content-type: image/webp
status: 200
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 45888
expires: Sat, 04 Sep 2021 01:41:56 GMT

GET
H2 200 sophos-news-ft-img-mtr_v1.png
news.sophos.com/wp-content/uploads/2020/08/ 27 KB
27 KB 8ms
7ms Image
image/webp 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2020/08/sophos-news-ft-img-mtr_v1.png?w=640

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5572c863ab7c9fbc6f64ef41a39b12e7a4a24e3c298989ed9796e9e14f8925d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 139 443
last-modified: Thu, 20 Aug 2020 05:58:23 GMT
server: nginx
etag: "43f4777534480100"
vary: Accept
x-cache: HIT
content-type: image/webp
status: 200
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 27584
expires: Fri, 20 Aug 2021 05:58:23 GMT

GET
H2 200 sophos-firewall-best-practices-ft-img-news-article_v1-1.png
news.sophos.com/wp-content/uploads/2020/08/ 27 KB
27 KB 8ms
8ms Image
image/webp 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2020/08/sophos-firewall-best-practices-ft-img-news-article_v1-1.png?w=640

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

38207988848f75b7292ce200b3593d8b3848f34a37523902e4ba174fb4bf30e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 32 443
last-modified: Tue, 18 Aug 2020 20:05:25 GMT
server: nginx
etag: "f6e8f17d65f2562c"
vary: Accept
x-cache: HIT
content-type: image/webp
status: 200
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 27958
expires: Wed, 18 Aug 2021 20:05:25 GMT

GET
H2 200 Service-cloud-launch-banner-1200x628px.png
news.sophos.com/wp-content/uploads/2020/08/ 36 KB
36 KB 9ms
9ms Image
image/webp 2a04:fa87:fffd::c000:42c8
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://news.sophos.com/wp-content/uploads/2020/08/Service-cloud-launch-banner-1200x628px.png?w=640

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffd::c000:42c8 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2d7f6235a873326ca383a39c059064437d4e56653f3b8bb2cf00f146600ca662

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:16 GMT
x-rq: fra2 109 86 443
last-modified: Mon, 17 Aug 2020 10:58:03 GMT
server: nginx
etag: "ee8563ac20fb792a"
vary: Accept
x-cache: HIT
content-type: image/webp
status: 200
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 36362
expires: Tue, 17 Aug 2021 10:58:03 GMT

GET
H2 200 dc.js Show response
stats.g.doubleclick.net/ 45 KB
17 KB 16ms
15ms Script
text/javascript 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/_static/??-eJyVkMEOgyAMhl9owDQa42HZoywMO0UpEApze/uxGJMddpCkl/79vjapWD1TzkawUcQJEEiQ85MjCyux+lx1YqZcGXKLBvasec2rHPAt4DOdxKEdyoUCGl4xSDrObxFPUZtyS0n0Uo+2WPQyRAuh2BtlsfLNdklbZdIAtL0VMS9gAbx5c9T2H5RbwDsMv/P9MibmTRq1JSEXTQhR3LIrHi5gZq94qdq+b5u2q5v5A22+yiE=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Aug 2020 20:46:40 GMT
server: Golfe2
age: 1375
date: Tue, 15 Sep 2020 21:09:21 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17093
expires: Tue, 15 Sep 2020 23:09:21 GMT

GET
H/1.1 200
OK elqCfg.min.js Show response
img03.en25.com/i/ 6 KB
3 KB 140ms
48ms Script
application/x-javascript 104.103.81.108
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img03.en25.com/i/elqCfg.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.103.81.108 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-103-81-108.deploy.static.akamaitechnologies.com

Software

Resource Hash

6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2115
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 17 Jul 2020 18:55:09 GMT
Date: Tue, 15 Sep 2020 21:32:17 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store
ETag: "8bc15cb6b5cd61:0"
Accept-Ranges: bytes
Expires: Tue, 15 Sep 2020 21:32:17 GMT

GET
H2 200 WuEFNglz.min.js Show response
scripts.demandbase.com/ 60 KB
16 KB 148ms
68ms Script
application/javascript 143.204.201.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/WuEFNglz.min.js
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-29.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c41962b29c7f5a6747d94d1aba1a5023612de87897e5a35218daafe8f0b59f4e

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: aSLQtWpSJhV0oSYbyUziT9xzwpc2aU5L
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 14:12:02 GMT
server: AmazonS3
age: 3274
etag: "8a8057a1f6409d59f3e746f1e10db91a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: public, max-age=3600
date: Tue, 15 Sep 2020 20:37:44 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: BM9QifGis-tyFyRjqeigV07ExudJkeTIWD-ivz8XuxBi64vCgZi9Hg==
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)

GET
H2 204 0
bat.bing.com/action/ 0
93 B 28ms
27ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4015302&Ver=2&mid=b5843fac-f14d-8607-3592-96ba03a33286&sid=6645fb714fac541ee04817d9dad68a16&vid=9629be55dc10f240c7285345409013d7&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&p=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&r=&lt=1548&evt=pageLoad&msclkid=N&sv=1&rn=670634
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Tue, 15 Sep 2020 21:32:16 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 04B2B051832D4E63907748C01F2DFEE5 Ref B: FRAEDGE1506 Ref C: 2020-09-15T21:32:16Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 15 Sep 2020 21:32:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=79483
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 334990480506518 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/334990480506518?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

77b433f6f4738938e3b406563a19907b4582f37a91c979cad6d7177c9aedbbba

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134905
x-xss-protection: 0
pragma: public
x-fb-debug: CHZVfsQVc3EfUmhWyr5N9rby1j9x60ys0M4gke1IBavhT/9FCmy4tC90OKjtGGQmdpRQf9OE55aALtNYufxbeA==
x-fb-trip-id: 2042748335
x-frame-options: DENY
date: Tue, 15 Sep 2020 21:32:16 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 30ms
29ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.9&blog=166161023&post=30498&tz=-4&srv=news.sophos.com&host=news.sophos.com&ref=&fcp=1442&rand=0.13421234127530135
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 15 Sep 2020 21:32:17 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1861709064&utmhn=news.sophos.com&utme=8(4!CampaignID)9(4!70130000001xKqzAAE)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=...
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-737537-1&cid=587782235.1600205537&jid=1023186070&_v=5.7.2dc&z=1861709064
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-737537-1&cid=587782235.1600205537&jid=1023186070&_v=5.7.2dc&z=1861709064&slf_rd=1&random=3046547158

42 B
106 B

19ms
18ms

Image
image/gif

2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-737537-1&cid=587782235.1600205537&jid=1023186070&_v=5.7.2dc&z=1861709064&slf_rd=1&random=3046547158

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Sep 2020 21:32:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Sep 2020 21:32:17 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-737537-1&cid=587782235.1600205537&jid=1023186070&_v=5.7.2dc&z=1861709064&slf_rd=1&random=3046547158
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 __utm.gif
stats.g.doubleclick.net/r/ 35 B
420 B 30ms
16ms Image
image/gif 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=727485853&utmhn=news.sophos.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&utmhid=1453327092&utmr=-&utmp=%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&utmht=1600205536990&utmac=UA-737537-53&utmcc=__utma%3D204943247.676013807.1600205537.1600205537.1600205537.1%3B%2B__utmz%3D204943247.1600205537.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1160553750&utmredir=3&utmmt=1&utmu=q1CgAAAAAAAAAAAAAAAAAAgE~

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 15 Sep 2020 21:32:17 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
12 KB 144ms
55ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-743773256

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11311
x-xss-protection: 0
server: cafe
etag: 12833363978352728442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 15 Sep 2020 21:32:17 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 240ms
163ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o4apa&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 123
pragma: no-cache
last-modified: Tue, 15 Sep 2020 21:32:17 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 7eff92524c77a97f583b1a0b40575124
x-transaction: 00e5631f0092e5b9
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
377 B 18ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=334990480506518&ev=PageView&dl=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&rl=&if=false&ts=1600205537034&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1600205537033.989910679&it=1600205536971&coo=false&rqm=GET

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:17 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 15 Sep 2020 21:32:17 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=461060&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&time=1600205537041
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D461060%26url%3Dhttps%253A%252F%252Fnews.sophos.com%252Fen-us%252F2016%252F01%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=461060&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&time=1600205537041&liSync=true

0
40 B

109ms
108ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=461060&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&time=1600205537041&liSync=true
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:17 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: ePOePHUSNRbABxFpNisAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: cjy4OHUSNRZAxrF+AysAAA==
pragma: no-cache
x-li-pop: afd-prod-edc2
x-msedge-ref: Ref A: 553769C6DCD94DB7BD2B44EEF93237F9 Ref B: FRAEDGE1220 Ref C: 2020-09-15T21:32:17Z
x-frame-options: sameorigin
date: Tue, 15 Sep 2020 21:32:17 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=461060&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&time=1600205537041&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 436 B
938 B 146ms
73ms XHR
application/json 143.204.201.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&page_title=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&src=tag&key=f2514e2223f271de300b1908c2c90c911bed78d7
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/WuEFNglz.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.74 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-74.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 0d24e9923edbf8af778b0e4b424f25f68e5eaf62a395eb7a2242206bf4955b30

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:17 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
status: 200
request-id: 02759884-0cf5-4904-ac9a-62d2e1967e9b
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://news.sophos.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 61adf71a363fe0f836dc69dbb43de824.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QZg4LU_Tosulf5yvJJFcm6tH-pL_MWGYBoGobph_A5KxpcpQF8acdg==
expires: Mon, 14 Sep 2020 21:32:17 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAE5rU6-wmYAAA-0b8ry6g
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAE5rU6-wmYAAA-0b8ry6g&verifyHash=ef3efcb1e172f66c3a88ea446dc1a02cafba79f4

26 B
409 B

217ms
217ms

Image
image/gif

143.204.201.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAE5rU6-wmYAAA-0b8ry6g&verifyHash=ef3efcb1e172f66c3a88ea446dc1a02cafba79f4
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.111 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-111.fra53.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 15 Sep 2020 21:32:17 GMT
Via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 9c658ad649c7002e
X-Amz-Cf-Id: jnm-I3oYJ4S6CmuVF2DOp702Z5xdSIG7Jym8OFYd1PcR-UXu6XHWXQ==

Redirect headers

Date: Tue, 15 Sep 2020 21:32:17 GMT
Via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAE5rU6-wmYAAA-0b8ry6g&verifyHash=ef3efcb1e172f66c3a88ea446dc1a02cafba79f4
Connection: keep-alive
trace-id: 4a3d9dace2b5b9b1
Content-Length: 0
X-Amz-Cf-Id: 5sHbbjg_GynRMyxErFUsqpYv59Bz2AMWPX66KZwd9qtk79k5drBHnA==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/743773256/ 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/743773256/?random=1600205537214&cv=9&fst=1600205537214&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa920&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&tiba=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a771e6b68a86a4c3998ff4c3ce98648c89d70fab0d72558c380a40a8112fdc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Sep 2020 21:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1092
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/743773256/ 42 B
538 B 51ms
38ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/743773256/?random=1600205537214&cv=9&fst=1600203600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa920&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&tiba=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&async=1&fmt=3&is_vtc=1&random=1031598145&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Sep 2020 21:32:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/743773256/ 42 B
538 B 42ms
27ms Image
image/gif 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/743773256/?random=1600205537214&cv=9&fst=1600203600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa920&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F&tiba=The%20current%20state%20of%20ransomware%3A%20TeslaCrypt%20%E2%80%93%20Sophos%20News&async=1&fmt=3&is_vtc=1&random=1031598145&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Sep 2020 21:32:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
83 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAy0LN7e08WusQqIA

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 15 Sep 2020 21:32:17 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://news.sophos.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 nr-1177.min.js Show response
js-agent.newrelic.com/ 27 KB
11 KB 93ms
30ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1177.min.js
Requested by: Host: news.sophos.com
URL: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 67f243af83cf56b2fd0fb502ab9f7a8533500e2571b4459d5bf6f6481a2da4ca

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:17 GMT
content-encoding: gzip
x-amz-request-id: 4F930AF2622C2177
x-cache: HIT
status: 200
content-length: 10405
x-amz-id-2: U7tObmI036MTRpBI0DMqANsZED0ff6ySLFb6J6xUAvrjeydJkzxfcOtpUXwF34MJgKtcfhq4e+o=
x-served-by: cache-hhn4061-HHN
last-modified: Tue, 18 Aug 2020 17:23:32 GMT
server: AmazonS3
x-timer: S1600205538.877730,VS0,VE0
etag: "97c8d5802b0de603104986846cdc509a"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2069

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 247ms
169ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o4apa&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2016%2F01%2F06%2Fthe-current-state-of-ransomware-teslacrypt%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 21:32:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 130
pragma: no-cache
last-modified: Tue, 15 Sep 2020 21:32:17 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d76d347eef2dac5320b545d236407523
x-transaction: 00054b8600adbbd1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK d54750faa8 Show response
bam.nr-data.net/1/ 57 B
275 B 486ms
122ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/d54750faa8?a=321742741&v=1177.96a4d39&to=MwFabEFYDBJXB0ZbWgpLeVtHUA0PGRdbXFIIAQ%3D%3D&rst=2529&ck=1&ref=https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/&ap=757&be=1322&fe=2431&dc=1529&perf=%7B%22timing%22:%7B%22of%22:1600205535369,%22n%22:0,%22f%22:459,%22dn%22:459,%22dne%22:459,%22c%22:459,%22ce%22:459,%22rq%22:460,%22rp%22:1314,%22rpe%22:1400,%22dl%22:1317,%22di%22:1529,%22ds%22:1529,%22de%22:1548,%22dc%22:2431,%22l%22:2431,%22le%22:2436%7D,%22navigation%22:%7B%7D%7D&fp=1441&fcp=1441&at=H0ZNGglCH00UBRAIThkZ&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1177.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

POST
H/1.1 200
OK d54750faa8 Show response
bam.nr-data.net/events/1/ 24 B
182 B 123ms
122ms XHR
image/gif 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/d54750faa8?a=321742741&v=1177.96a4d39&to=MwFabEFYDBJXB0ZbWgpLeVtHUA0PGRdbXFIIAQ%3D%3D&rst=12529&ck=1&ref=https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1177.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://news.sophos.com/en-us/2016/01/06/the-current-state-of-ransomware-teslacrypt/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://news.sophos.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sophos.com/	1970-01-19 14:39:41	Name: _fbp Value: fb.1.1600205537033.989910679
.news.sophos.com/	1970-01-19 12:30:07	Name: __utmb Value: 204943247.1.10.1600205537
.news.sophos.com/	1970-01-19 16:52:53	Name: __utmz Value: 204943247.1600205537.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.sophos.com/	1970-01-19 16:52:53	Name: __utmz Value: 1.1600205537.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.sophos.com/	1970-01-19 12:30:07	Name: __utmb Value: 1.1.10.1600205537
.sophos.com/	1970-01-19 12:30:06	Name: __utmt Value: 1
.sophos.com/	1970-01-19 12:53:29	Name: _uetvid Value: 9629be55dc10f240c7285345409013d7
.news.sophos.com/	1970-01-20 06:01:17	Name: __utma Value: 204943247.676013807.1600205537.1600205537.1600205537.1
.sophos.com/	1969-12-31 23:59:59	Name: __utmc Value: 1
.sophos.com/	1970-01-19 12:31:31	Name: _uetsid Value: 6645fb714fac541ee04817d9dad68a16
.sophos.com/	1970-01-20 06:01:17	Name: __utma Value: 1.587782235.1600205537.1600205537.1600205537.1
.news.sophos.com/	1970-01-19 12:30:06	Name: __utmt_news Value: 1
.sophos.com/	1970-01-19 16:49:17	Name: CampaignID Value: 70130000001xKqzAAE
.news.sophos.com/	1969-12-31 23:59:59	Name: __utmc Value: 204943247
.sophos.com/	1970-01-19 14:39:41	Name: _gcl_au Value: 1.1.552307216.1600205537

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://news.sophos.com/_static/??/wp-includes/js/jquery/jquery.js,/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-migrate-1.4.1-wp.js?m=1599545729j(Line 29) Message: JQMIGRATE: Migrate is installed with logging active, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.company-target.com
bam.nr-data.net
bat.bing.com
blogs.sophos.com
connect.facebook.net
googleads.g.doubleclick.net
img03.en25.com
js-agent.newrelic.com
match.prod.bidr.io
news.sophos.com
pixel.wp.com
px.ads.linkedin.com
scripts.demandbase.com
secure.gravatar.com
segments.company-target.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
stats.wp.com
t.co
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.sophos.com
104.103.81.108
104.244.42.131
104.244.42.133
143.204.201.111
143.204.201.29
143.204.201.74
151.101.112.157
151.101.114.110
162.247.242.20
192.0.76.3
216.58.206.2
23.211.153.132
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2004
2a00:1450:4001:816::2002
2a00:1450:4001:81b::2003
2a00:1450:4001:821::2008
2a00:1450:400c:c00::9c
2a02:26f0:10c:58e::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:fa87:fffd::c000:42c8
2a04:fa87:fffe::c000:4902
2a05:f500:10:101::b93f:9105
52.49.185.203
011ee00e2221fd2994156f01b85251391099270cc849857806d6a249481c90ff
04029edaf619462965453e8ac9cf74c584b1ef526c95f71185acc63a696b7f1c
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0ce7b19357902318f5e2db207e64647d6a78d7f9f620ef55a8a07ad2f8e6d798
0d24e9923edbf8af778b0e4b424f25f68e5eaf62a395eb7a2242206bf4955b30
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1875cad468466b9b4ea2ebd196b8969f905ab31c20cd5e0a0c2da9b37fa12095
27f3ebb3b019c5a4cf97abd557db1c1036aacb8e5132e2a48e1e1e0762d7bd2a
29e135bc96ba3ec4a643931a8ef458e48aa372894da5c635433993ea961ab7ae
2d7f6235a873326ca383a39c059064437d4e56653f3b8bb2cf00f146600ca662
36e4be0e26943972be000cccd4db7ba6a5d4f3b7af04c8ace72a99ac5be77e61
38207988848f75b7292ce200b3593d8b3848f34a37523902e4ba174fb4bf30e5
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d2fe81d7dbbf9a8f758c2520843171ed6d54cb014b2100349c0e59e2c8c2676
3f510f8a21c09db2bb8f964b3e424fce6a77aea73ac791e9c0c6b8b238405366
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
52600b30637371871a7d5d50ba86cb9a29ad65d75a78824b4daba442c4eee113
5542bcaca2f9b076bb91f03722895b63a4f141920253194dcf3472e7b5740304
5572c863ab7c9fbc6f64ef41a39b12e7a4a24e3c298989ed9796e9e14f8925d3
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
633210530499824ad06b2b30a04a9ee18b4b8e2071620691a58c9a476dc728b9
67f243af83cf56b2fd0fb502ab9f7a8533500e2571b4459d5bf6f6481a2da4ca
6a71b6aa693b3084d28e6dfd65755fe543c24278fac68b175b3b5fcdda059577
6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
77b433f6f4738938e3b406563a19907b4582f37a91c979cad6d7177c9aedbbba
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
969302896de138ee81bfde4ef9fb5249d6db631aec20c162d9f1d2dfb5c37f09
9f67d83d034c658809bf7a06ff6d74a417ea25a0005f4561abd5254652b6d7c6
a1b2c9977dc8804fbb95b11043288b73b3a407db929182d7529e96f6bc6cf940
a53296dca2db04589f7fd86e7285e37c2c9d0a0270b494bc8d8182efe11d56f7
a771e6b68a86a4c3998ff4c3ce98648c89d70fab0d72558c380a40a8112fdc1e
ab79aafb00f94ca5a773fe1641f8f34c073d2de776c48e89c73985ee0a52483d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b0348edeb29dc1accfecb54a863c8597ea124c1ab9f1a38f3b9e12e953364a05
b7c9fd97a3a7165755766cd3ba55676f6505642b8c522d89d6f0ab0cabaaa8d7
c1da7a3d76f2fd71ba637d968b49556520ee94d72a5b60a5d21f34f5e4029ec4
c41962b29c7f5a6747d94d1aba1a5023612de87897e5a35218daafe8f0b59f4e
c6f378c4d31ede24622009dc2d5e85386926ea9881e94326252146bff0fd5110
c87eb0c349fe4518e3ffd3d05b3f43f90d4f8709eb7f9924e74e858a6efdb6ed
c8fa9e46358747cc949be0709256687b7ac1f8fd295f0de4073b11a41c534b62
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
d1fabd20a67738775bb84fda3b230d2f007a2c3a6629d327bc8ab4312cb5c0fe
d2563662c14dad7e3ddf773a730097ee49e4a5d1034dee268c3b526eb9fedcd2
d341d89443ab872198883ea3d22bd2db8028cebbe4843b8b37e3a62bb2a814e3
dcd87803fd9545536f05ebb671e522e61a8be5816011ea88e202bb42b9f90fff
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e2bb32be5b60befc49f5a613d57e2f1e9da6b51005c2b87bc1607c9378cc42a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9a31f77d1d0d5c2e091af55a9e5b3f7cb34db8398e145819a351a9a6de8481b
ea0f02941083c346295eddf8118ad8f439fbb06eeb5da4d26ec180b228c0b110
eb603e59ae7ad444d11bc6dbd3f648596ffc8eac7d43707db47d09ca1782055d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2792fa9c99f81eaf3035f2ba7634dd84f42526df8a1f31196912de7e55c815e
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4a2fb1bd486b246823cfb9750f25a4323a8f74c23968d4a6fcdd96a65511631
f81f3b44c5da8f8b9b365294b2146763d666b9f445e1b2285466910d5361cec5
f927844e8c953560f5a67112c5dfaab926df93df57f3d8cd062028f1ca80b530

news.sophos.com Open in urlscan Pro 2a04:fa87:fffd::c000:42c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

58 Requests

100 %HTTPS

50 %IPv6

22 Domains

28 Subdomains

25 IPs

6 Countries

1140 kBTransfer

2365 kBSize

15 Cookies

45 Outgoing links

Page URL History

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

news.sophos.com Open in urlscan Pro
2a04:fa87:fffd::c000:42c8 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

100 %
HTTPS

50 %
IPv6

22
Domains

28
Subdomains

25
IPs

6
Countries

1140 kB
Transfer

2365 kB
Size

15
Cookies

58 HTTP transactions
9 data transactions