securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Submission Tags: falconsandbox
Submission: On November 29 via api (November 29th 2020, 11:12:16 pm UTC) from US

Summary HTTP 219 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 38 IPs in 6 countries across 34 domains to perform 219 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust RSA CA 2018 on March 8th 2020. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
43	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2600:9000:219... 2600:9000:2190:b800:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:219... 2600:9000:2190:6600:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
7	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
5	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
27	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
27	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:219... 2600:9000:2190:a00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:219... 2600:9000:2190:7200:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3035::ac43:9180	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.195.43.194 18.195.43.194	16509 (AMAZON-02) (AMAZON-02)
15	23.212.156.24 23.212.156.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2606:4700:20:... 2606:4700:20::681a:a9c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	52.58.124.95 52.58.124.95	16509 (AMAZON-02) (AMAZON-02)
2	198.148.27.134 198.148.27.134	19189 (PULSEPOINT) (PULSEPOINT)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
1	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	54.183.20.34 54.183.20.34	16509 (AMAZON-02) (AMAZON-02)
3 19	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
2	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE)
2 6	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	54.195.113.118 54.195.113.118	16509 (AMAZON-02) (AMAZON-02)
11	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
4 4	3.126.158.103 3.126.158.103	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	185.29.132.21 185.29.132.21	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	213.19.147.151 213.19.147.151	3356 (LEVEL3) (LEVEL3)
2 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	216.58.207.34 216.58.207.34	15169 (GOOGLE) (GOOGLE)
2 2	18.195.7.149 18.195.7.149	16509 (AMAZON-02) (AMAZON-02)
219	38

43 2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:b800:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:6600:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2.18.235.93 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:a00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:7200:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:9180 (United States)

ASN13335 (CLOUDFLARENET, US)

seguranca-informatica.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.43.194 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-43-194.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 23.212.156.24 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-212-156-24.deploy.static.akamaitechnologies.com

lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:a9c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.124.95 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-124-95.eu-central-1.compute.amazonaws.com

ice.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.134 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.38 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 2 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.133.78 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.183.20.34 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-183-20-34.us-west-1.compute.amazonaws.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.148.27.139 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.130 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.195.113.118 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-195-113-118.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.158.103 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.21 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.151 (United Kingdom) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (Netherlands) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.34 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s24-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.7.149 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	media.net contextual.media.net lg3.media.net navvy.media.net	471 KB
43	securityaffairs.co securityaffairs.co	2 MB
29	wp.com i2.wp.com i0.wp.com i1.wp.com stats.wp.com pixel.wp.com	456 KB
13	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	10 KB
13	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com	891 KB
12	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	263 KB
8	contextweb.com 2 redirects bid.contextweb.com bh.contextweb.com	2 KB
7	doubleclick.net 4 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	559 B
6	google-analytics.com www.google-analytics.com google-analytics.com	38 KB
5	twitter.com platform.twitter.com	31 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	40 KB
4	bidswitch.net 4 redirects x.bidswitch.net	2 KB
4	adnxs.com ib.adnxs.com acdn.adnxs.com	2 KB
4	openx.net pixfuture2-d.openx.net eu-u.openx.net	922 B
4	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	178 B
3	adsrvr.org 3 redirects match.adsrvr.org	1 KB
3	advertising.com 2 redirects adserver-us.adtech.advertising.com	693 B
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	1rx.io 2 redirects sync.1rx.io	646 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	googletagservices.com www.googletagservices.com	55 KB
2	google.com adservice.google.com	2 KB
2	google.de adservice.google.de	2 KB
2	googleadservices.com partner.googleadservices.com	1 KB
2	360yield.com ice.360yield.com	621 B
2	facebook.net connect.facebook.net	62 KB
1	mookie1.com odr.mookie1.com	324 B
1	mgid.com prebid.mgid.com	595 B
1	w.org s.w.org	970 B
1	seguranca-informatica.pt seguranca-informatica.pt
1	consensu.org c.sharethis.mgr.consensu.org
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
0	googleapis.com Failed fonts.googleapis.com Failed
219	34

	Domain	Requested by
43	securityaffairs.co	securityaffairs.co
27	contextual.media.net	securityaffairs.co contextual.media.net
15	lg3.media.net	securityaffairs.co contextual.media.net
11	sync.go.sonobi.com
11	i2.wp.com	securityaffairs.co
10	i1.wp.com	securityaffairs.co
8	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com
7	served-by.pixfuture.com	securityaffairs.co served-by.pixfuture.com
6	bh.contextweb.com	2 redirects cdn.pixfuture.com
6	navvy.media.net	contextual.media.net
6	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com
6	i0.wp.com	securityaffairs.co
5	www.google-analytics.com	securityaffairs.co www.google-analytics.com google-analytics.com
5	platform.twitter.com	securityaffairs.co platform.twitter.com
4	cm.g.doubleclick.net	4 redirects
4	x.bidswitch.net	4 redirects
4	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
3	match.adsrvr.org	3 redirects
3	googleads.g.doubleclick.net	pagead2.googlesyndication.com
3	adserver-us.adtech.advertising.com	2 redirects securityaffairs.co
2	ads.creative-serving.com	2 redirects
2	p.rfihub.com	2 redirects
2	sync.1rx.io	2 redirects
2	sync.mathtag.com	2 redirects
2	acdn.adnxs.com	cdn.pixfuture.com
2	ads.pubmatic.com	cdn.pixfuture.com
2	eu-u.openx.net	cdn.pixfuture.com
2	www.googletagservices.com	pagead2.googlesyndication.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	ib.adnxs.com	cdn.pixfuture.com
2	pixfuture2-d.openx.net	cdn.pixfuture.com
2	hbopenbid.pubmatic.com	cdn.pixfuture.com
2	bid.contextweb.com	cdn.pixfuture.com
2	ice.360yield.com	cdn.pixfuture.com
2	apex.go.sonobi.com	cdn.pixfuture.com
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	odr.mookie1.com
1	prebid.mgid.com	cdn.pixfuture.com
1	pixel.wp.com	securityaffairs.co
1	s.w.org	securityaffairs.co
1	seguranca-informatica.pt	securityaffairs.co
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
0	fonts.googleapis.com Failed	securityaffairs.co
219	52

This site contains links to these domains. Also see Links.

Domain
seguranca-informatica.pt
twitter.com
www.linkedin.com
www.facebook.com
reddit.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust RSA CA 2018	`2020-03-08` - `2021-04-07`	a year	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-01-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-09` - `2021-08-09`	a year	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2019-02-01` - `2021-02-04`	2 years	crt.sh
*.360yield.com Amazon	`2020-08-26` - `2021-09-26`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.mookie1.com DigiCert SHA2 Secure Server CA	`2020-02-21` - `2021-03-22`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Frame ID: F2AB00CE2DB04D0029BEEB7FAF43CA75
Requests: 111 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal-v2.html
Frame ID: 802693CF326FCEE210B1D81900B495DC
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: E493F07249ACA0F035D573E44E99878A
Requests: 1 HTTP requests in this frame

Frame: https://seguranca-informatica.pt/si-lab-lockergoga-is-the-most-active-ransomware-that-focuses-on-targeting-companies-and-bypass-av-signature-based-detection/embed/
Frame ID: A69CBFDD3037597E6C7695518296574F
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: 12D9E08711AC74AC3E2D5A2DDE94BC41
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Frame ID: 14F2A0D5450B0F3ED88D152E7A82661C
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: BDE57F2469F01AEE3A74E73A4E31D348
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fsecurityaffairs.co
Frame ID: BCC1B78AD9A5B4CE988AB2EAB0CAB533
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 67FF78C3ED438DB753C8A496F4782D45
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 90B5526118302362BF4C8C92BFFB8E6C
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 192F103F52F201351D8853D5449882C6
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 85E52E532F0924BA3A345265B50715C6
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 3DCEA30C8B1123BEDD779F39A7BA9776
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1088776185805459457&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=500px
Frame ID: A766B5D71F5E788078C416609C1F9EC7
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-1&frame=false&hideCard=false&hideThread=false&id=1104082562216062978&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=500px
Frame ID: 93EC4397196F5F211CDC1069F3C2AAEE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: B666B9BC6761507B8544FA18E2739A61
Requests: 18 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: DC14729BB4837F333FA40093E8FEEC22
Requests: 20 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV97497.js
Frame ID: 270925A9F18BD96F8D2528F20BCB43BA
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV97497.js
Frame ID: 7E57C9E2E098928B094E4ED78C8BE669
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV97497.js
Frame ID: 06D08E5ED0D3B98FB457C39A70F1342B
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV97497.js
Frame ID: A482D6016415737E10B5E90EBF0AEE6A
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV97497.js
Frame ID: FF38977BB5A34DCD09B1B916927AF021
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 5B1A73CBA6D9CDFE7426D3940B040141
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/zrt_lookup.html
Frame ID: 017ADF4DE16A0FCFDE90C3F99D7FCB87
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV97497.js
Frame ID: 28502B1FF7B0FBE71D891BE6996D7CF8
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492129&pi=t.ma~as.1139220782&w=320&lmt=1606691519&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1606691519408&bpp=17&bdt=54&idt=87&shv=r20201112&cbv=r20190131&ptt=5&saldr=sa&correlator=4386018426021&frm=21&ife=1&pv=2&ga_vid=1438483116.1606691518&ga_sid=1606691520&ga_hid=1661755735&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=1011&biw=1600&bih=1200&isw=320&ish=50&ifk=2179207362&scr_x=0&scr_y=0&eid=21067982%2C21068084&oid=3&pvsid=293517201018259&pem=438&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.68ru4wyypnra&fsb=1&xpc=QWyNmh8omX&p=https%3A//securityaffairs.co&dtd=102
Frame ID: B6E5227F4595E9AD5B1E648D680A3D9A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: CB22FBE91C9736F5501BEDF9891A3CED
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 3E312993CF1172358C46D077483273CC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492134&pi=t.ma~as.1680648786&w=300&lmt=1606691520&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1606691519965&bpp=4&bdt=30&idt=46&shv=r20201112&cbv=r20190131&ptt=5&saldr=sa&cookie=ID%3D736a3efbf6370290-222d6aab7ca600ef%3AT%3D1606691519%3ART%3D1606691519%3AS%3DALNI_MY3Y2U4lvWBO9DeHw1LO3kEVIF2AQ&correlator=4386018426021&frm=21&ife=1&pv=1&ga_vid=1438483116.1606691518&ga_sid=1606691520&ga_hid=1000038585&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=12765&biw=1600&bih=1200&isw=300&ish=250&ifk=2656847982&scr_x=0&scr_y=0&eid=21066922%2C21068084&oid=3&pvsid=413414705423463&pem=438&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.spoo7lqp8m7v&btvi=1&fsb=1&xpc=S2hX4wYy3y&p=https%3A//securityaffairs.co&dtd=53
Frame ID: 1898A19CDEC886AAC8D5FBE9C35E19CB
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 510EE5D4E0D615ED294CF8B809A03CE8
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: 2D85155278CBC72FCC3D3304D5846A9F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0B7A6329E64DFB4FBB8A121069AC5034
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 3C8BB1DBFACAB389AEAE3E503B261ADA
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 06DC87EBEFA68889E61115B0A158165C
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 5F6440B0ECAD823DEB446F80BAF55D62
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: E0C4F1118964540C2787B436183FA9A0
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 6B1921FB09934FD89F32034A52CACB71
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 8197A0EEA6D132FF1BC184DA056F730B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

219
Requests

98 %
HTTPS

36 %
IPv6

34
Domains

52
Subdomains

38
IPs

6
Countries

3885 kB
Transfer

5758 kB
Size

9
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://seguranca-informatica.pt/sistemas-da-altran-foram-paralizados-devido-a-um-ataque-informatico/
Title: Altran

Search URL Search Domain Scan URL

URL: https://seguranca-informatica.pt/empresa-de-producao-de-aluminio-norsk-hydro-atingida-por-ransomware/
Title: Norsk Hydro

Search URL Search Domain Scan URL

URL: https://twitter.com/malwrhunterteam
Title: MalwareHunterTeam

Search URL Search Domain Scan URL

URL: https://seguranca-informatica.pt/si-lab-lockergoga-is-the-most-active-ransomware-that-focuses-on-targeting-companies-and-bypass-av-signature-based-detection/
Title: [SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies and bypass AV signature-based detection

Search URL Search Domain Scan URL

URL: https://seguranca-informatica.pt/
Title: seguranca–informatica.pt

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html&text=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20that%20focuses%20on%20targeting%20companies%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html&title=[SI-LAB]%20LockerGoga%20is%20the%20most%20active%20ransomware%20that%20focuses%20on%20targeting%20companies
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 143

https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;cfp=1;rndc=1606691519;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;apid=1A485805a2-3298-11eb-aa99-12e650fea264;cfp=1;rndc=1606691518;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065

Request Chain 208

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82

Request Chain 209

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c8a71e5c-9900-457f-8134-5254690f5549&ssp=sonobi&gdpr=&gdpr_consent=

Request Chain 210

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=f1005fc4-2ac0-4f00-94c0-118badb95ea6

Request Chain 211

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c9ff829a-4599-495f-a541-da0346091c96&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=U1BWNkdwU21qeWhLUm1EMDlwQ1J1dw&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1

Request Chain 212

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Request Chain 213

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974

Request Chain 214

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YzlmZjgyOWEtNDU5OS00OTVmLWE1NDEtZGEwMzQ2MDkxYzk2 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1

Request Chain 216

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Request Chain 217

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82

Request Chain 218

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=sonobi&bsw_custom_parameter=c8a71e5c-9900-457f-8134-5254690f5549 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=sonobi&bsw_custom_parameter=c8a71e5c-9900-457f-8134-5254690f5549 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=40018769-2461-49b8-a534-2f15858c6638&ssp=sonobi&expires=30&user_group=5&bsw_param=c8a71e5c-9900-457f-8134-5254690f5549 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c8a71e5c-9900-457f-8134-5254690f5549

Request Chain 219

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=52735fc4-2ac0-4200-af02-b0613be6daaa

Request Chain 220

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974

Request Chain 225

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=03a4f8c4-287e-4024-957b-5e505d1e6c69&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=bThScDMzYXBNbGF2YmpheEQ4dWN0UQ&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1

Request Chain 226

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MDNhNGY4YzQtMjg3ZS00MDI0LTk1N2ItNWU1MDVkMWU2YzY5 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1

219 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request lockergoga-ransomware-spreads.html Show response
securityaffairs.co/wordpress/82684/malware/ 96 KB
28 KB 1020ms
985ms Document
text/html 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 935ec815dc2e1918d4e3209612455b59350f957ced1668ab3db6697e299d4528

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/82684/malware/lockergoga-ransomware-spreads.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sun, 29 Nov 2020 23:11:56 GMT
server: Apache
x-powered-by: PHP/7.2.34
vary: Accept-Encoding,Cookie
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/82684>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=82684>; rel=shortlink
set-cookie: cookielawinfo-checkbox-necessary=yes; expires=Mon, 30-Nov-2020 00:11:57 GMT; Max-Age=3600; path=/ cookielawinfo-checkbox-non-necessary=yes; expires=Mon, 30-Nov-2020 00:11:57 GMT; Max-Age=3600; path=/
content-encoding: gzip

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 64 KB
64 KB 33ms
25ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 093fa1b3be5a5ed806dc8873e932ce049231b1b9bab39fb85e63ab8229d57c0b

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Tue, 01 Sep 2020 21:33:33 GMT
server: Apache
accept-ranges: bytes
etag: "fe23-5ae47455cdf29"
content-length: 65059
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 43ms
36ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.9.4
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 18 Nov 2020 07:42:35 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5b45cc13d19b0"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 27 KB
27 KB 49ms
42ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.9.4
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 18 Nov 2020 07:42:35 GMT
server: Apache
accept-ranges: bytes
etag: "6cdf-5b45cc13d19b0"
content-length: 27871
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 31ms
10ms Stylesheet
text/css 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=d2c1d626d6d17b7c784678224f6cb29e

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 frontend.css
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/ 7 KB
7 KB 50ms
44ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/frontend.css?ver=1606691517
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Fri, 27 Nov 2020 22:56:19 GMT
server: Apache
accept-ranges: bytes
etag: "1c69-5b51e9190e67e"
content-length: 7273
content-type: text/css

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 46ms
39ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 42ms
36ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 51ms
45ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 43ms
37ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.13-9993131
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b834a80037718e3da7f92199034dc59611ed774af41f1e84fa1e0d97c4261192

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
accept-ranges: bytes
etag: "2ca1-597430d7ee92b"
content-length: 11425
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 62ms
19ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 61ms
19ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 62ms
20ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 67ms
22ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 70ms
22ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 106ms
58ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
server: Apache
x-powered-by: PHP/7.2.34
content-type: text/css; charset: UTF-8;charset=UTF-8

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 63ms
21ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 frontend.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 23 KB
23 KB 73ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend.js?ver=1606691517
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9b5b9b8b1984a7b55656ca3d243deb436e049467353f6e61e73ac8bd0ab2a636

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Fri, 27 Nov 2020 22:56:19 GMT
server: Apache
accept-ranges: bytes
etag: "5b01-5b51e9191731e"
content-length: 23297
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 95 KB
95 KB 82ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Tue, 21 May 2019 21:49:10 GMT
server: Apache
accept-ranges: bytes
etag: "17a69-5896cd1a361be"
content-length: 96873
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 33 KB
33 KB 78ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.9.4
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 19220534acd81fcc7c5128efb3662f50ec59441be7a642a13d81db09106a5ded

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 18 Nov 2020 07:42:35 GMT
server: Apache
accept-ranges: bytes
etag: "840b-5b45cc13d2950"
content-length: 33803
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 741 B
895 B 81ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.8
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Fri, 06 Nov 2020 18:52:54 GMT
server: Apache
accept-ranges: bytes
etag: "2e5-5b374b8664727"
content-length: 741
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 25 KB
8 KB 41ms
12ms Script
application/javascript 2600:9000:2190:b800:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:b800:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 6d7d8b5166693d824356fd913840d94a4e76e9377f67035401b01c5ed1d23362

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 18:53:53 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 188284
etag: "5f80b334-63df"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0c476b4e93e7b13a5f68b185a8e9753c.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: ZRH50-C1
x-robots-tag: noindex, nofollow
content-length: 7332
x-amz-cf-id: Ubia87S7Cj58JF0SiPiynj06R_CLmFs6w_7xfE1nAZ873spNbqHe-Q==
expires: Mon, 30 Nov 2020 18:53:53 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 100 KB
32 KB 48ms
13ms Script
text/javascript 2600:9000:2190:6600:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:6600:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 44127c3cb1717506bacc6319ee8d12f60f3a5598f7855274531b44a71512efd4

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:04:24 GMT
content-encoding: gzip
age: 453
etag: W/"191dd-Tz9tM/RPpPGCIQl0WTstGYeDWuk"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: DlCekD0quXxriR2j9hXQheIlIZJbEQFF5KKYWt8BuKYrqAvL8UE-TQ==

GET
H2 200 shield-antibot.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
3 KB 80ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shield-antibot.js?ver=10.1.3&mtime=1605830116
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Thu, 19 Nov 2020 23:55:16 GMT
server: Apache
accept-ranges: bytes
etag: "c00-5b47e75a6f600"
content-length: 3072
content-type: application/javascript

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 17ms
16ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H/1.1 200
OK headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 3 KB
4 KB 266ms
87ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:58 GMT
Last-Modified: Mon, 26 Oct 2020 19:24:56 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f972288-d42"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 3394
Expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 27ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/418A) /
Resource Hash: 2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 21:52:09 GMT
Server: ECS (fcn/418A)
Age: 1404
Etag: "a671d4d584ef50954e5cebb21da17065+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28698

GET
H2 200 1-3.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 24 KB
24 KB 715ms
684ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/1-3.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

41f2e9f54ae423b2ea6d7e6744d2236dcbd665c4053bb4f197575a6cdc71d521

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 5
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "5c33e3375078148c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/1-3.png>; rel="canonical"
content-length: 24766
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 2-2.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 22 KB
22 KB 418ms
417ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/2-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7c074f01f14855c72d2aedbc58a1287cdba4be27b2d166d22709083174c55854

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 6
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "33628e7ec34e5c68"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/2-2.png>; rel="canonical"
content-length: 22162
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 3-2.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 20 KB
20 KB 598ms
589ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/3-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b0e5012c3fe536656cd1dd89dde9aa3971ddcb991168a393ec369a6a301335d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 2
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "0004280ca73d402c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/3-2.png>; rel="canonical"
content-length: 20370
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 4-2.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 9 KB
9 KB 444ms
436ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/4-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

501ff931c11fd99a8183bc01d1e180b867df70aca3fb9091724a190a07e9e684

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 5
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "3581f61262bd3d84"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/4-2.png>; rel="canonical"
content-length: 9456
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 5-2.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 2 KB
2 KB 241ms
233ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/5-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

9c8312e1b632d2912671d6d10be3e45c1c28b9f9054352728e20c6e0639c6a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 7
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "4651bb5e73f14158"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/5-2.png>; rel="canonical"
content-length: 2122
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 6-2.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 69 KB
70 KB 781ms
773ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/6-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

1c14af60dc817b5f06b15e13179a7f1239a341111adcb7739b690b367d9371d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 1
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "39a2ec9c032284b7"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/6-2.png>; rel="canonical"
content-length: 70980
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 3-3.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 20 KB
20 KB 579ms
572ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/3-3.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b0e5012c3fe536656cd1dd89dde9aa3971ddcb991168a393ec369a6a301335d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 5
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "0004280ca73d402c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/3-3.png>; rel="canonical"
content-length: 20370
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 25ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e40c7cd7b4aa0fa006574bca5fbebdf5eb3e524edf46fd8c4a8cb52d6ccdbccc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: HL/KU9ZsR63OhvOR8di8MA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1778
etag: "254fc9037367be1a953eb73f55589b48"
x-fb-debug: okZF/2/H7W/YmL3z7EFn8pVX8Pwt86szL+zGS32amuTYqo8OaIUk8EHaFsUvONVaUrhJCL8lGC4EMK4LezA8gw==
x-fb-trip-id: 664085054
x-fb-content-md5: 0f41dce1de21cf8bdcee09f74760aaf5
x-frame-options: DENY
date: Sun, 29 Nov 2020 23:11:58 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 29 Nov 2020 23:24:02 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 31ms
5ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4957
date: Sun, 29 Nov 2020 21:49:21 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Sun, 29 Nov 2020 23:49:21 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 27 KB
28 KB 27ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: ee657fa9cbe48aeeda44b31ed4ae2ca1d021a82e301e36a456eafb7c8dda7fb7

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
last-modified: Tue, 11 Aug 2020 22:24:47 GMT
server: Apache
accept-ranges: bytes
etag: "6d6a-5aca189f1cc8c"
content-length: 28010
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 27ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 8-2.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 12 KB
12 KB 251ms
245ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/8-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e7a1a565924089fbec521d6308a2471aa49255559cc67e702674d019fad3c510

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 7
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "18496ef97b82384c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/8-2.png>; rel="canonical"
content-length: 12624
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 7-2.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 6 KB
6 KB 392ms
386ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/7-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

d78c9700d52ab2eb00acf1a2de972bc50248057de7e59f5dc315b736eb24cfb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 1
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "30d881588a67c890"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/7-2.png>; rel="canonical"
content-length: 6082
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 11-2.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 13 KB
13 KB 360ms
354ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/11-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

39404939e029b5e921dd01556de810f23f0f5e08e0a782dc4f8b2a82df69407f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 1
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "e38c5931ff5caed2"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/11-2.png>; rel="canonical"
content-length: 13062
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 9-1.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 17 KB
17 KB 533ms
526ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/9-1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

f296a558ded0555f15f1d427037c2610924810bddae7e104570a2bc6b88cde21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 4
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "a9f24ca9e3939746"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/9-1.png>; rel="canonical"
content-length: 17436
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 10-2.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 7 KB
7 KB 428ms
422ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/10-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8fb2abf379afd3a461b3a57ea8247078fef8cf1e401594f519554e1be42dd3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 3
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "99e92814a352facc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/10-2.png>; rel="canonical"
content-length: 6730
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 12-2.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 12 KB
13 KB 271ms
265ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/12-2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

3c5dab6325657bcf657ae331cd11e28c18ce099ec17dd1b7fd8a1e4e8dcb8bc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 2
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "b947c6d78c076c4e"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/12-2.png>; rel="canonical"
content-length: 12730
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 13-1.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 77 KB
77 KB 515ms
510ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/13-1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8e23d657ac3736d84efd0dc3021d8e06a9deed39d1f31e1e8d4911e54d73ec7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 3
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "b1db41e015e92af4"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/13-1.png>; rel="canonical"
content-length: 78632
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 14-1.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 37 KB
37 KB 317ms
317ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/14-1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

25a679f3ece4289a2c58e31a074a658c6d108aa8e42958d0544118458fc02d2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 8
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "004de720869156dd"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/14-1.png>; rel="canonical"
content-length: 38078
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 15-1.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 25 KB
25 KB 616ms
616ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/15-1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

70933fb127de68e40299d5edb0408d5a00c8abcbaef4ba9326fa56633f84721d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 1
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "35c26147c17b41af"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/15-1.png>; rel="canonical"
content-length: 25738
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 16-1.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 21 KB
21 KB 323ms
318ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/16-1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

d76e99964f6f9f12ed627949add675f21b18794521ca6b6145110ed682c3581a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 6
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "c411c906807011f9"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/16-1.png>; rel="canonical"
content-length: 21186
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 17-1.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 7 KB
7 KB 239ms
239ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/17-1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

bf464d1aa7e745b6dc00b554196af82d3ff82236bb18f5f929e26f1d4f98dd01

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 2
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "29d6dc6f2a9fa9d9"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/17-1.png>; rel="canonical"
content-length: 7078
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 15ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 2
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 08 Aug 2020 15:39:02 GMT
server: nginx
etag: "ac6bad4577697a68"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Tue, 09 Aug 2022 03:39:02 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 15ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 6
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Wed, 03 Jun 2020 04:17:45 GMT
server: nginx
etag: "23d6888db3fc0591"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Fri, 03 Jun 2022 16:17:45 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 15ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 4
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 08 Aug 2020 15:39:02 GMT
server: nginx
etag: "419f8cd88292d5a8"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Tue, 09 Aug 2022 03:39:02 GMT

GET
H2 200 reddit.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 15ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 1
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 08 Aug 2020 15:39:02 GMT
server: nginx
etag: "96031a13d1761798"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png>; rel="canonical"
content-length: 1566
expires: Tue, 09 Aug 2022 03:39:02 GMT

GET
H2 200 pinterest.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
2 KB 20ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

3afe47d0fe0b16bc5bddecdc9bcaca94ed420b8fd0ddee2ae77364403c794bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 4
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
x-bytes-saved: 1227
last-modified: Mon, 04 Feb 2019 06:29:18 GMT
server: nginx
etag: "9a8b1a5335d6cfb5"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png>; rel="canonical"
content-length: 1502
expires: Wed, 03 Feb 2021 18:29:18 GMT

GET
H2 200 Black-Box-attack-italian-bank.jpg
securityaffairs.co/wordpress/wp-content/uploads/2020/11/ 170 KB
171 KB 25ms
21ms Image
image/jpeg 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2020/11/Black-Box-attack-italian-bank.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: fd985886d37f7cffd7bbe599a032f3463cca1f09983a0e56a108cad0b0b63c45

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
last-modified: Sun, 29 Nov 2020 22:05:58 GMT
server: Apache
accept-ranges: bytes
etag: "2a98a-5b546193013bd"
content-length: 174474
content-type: image/jpeg

GET
H2 200 Industrial-Automation-systems-RTA-ENIP-BLOG-IMAGE-1-1024x580-1.png
securityaffairs.co/wordpress/wp-content/uploads/2020/11/ 453 KB
454 KB 23ms
20ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2020/11/Industrial-Automation-systems-RTA-ENIP-BLOG-IMAGE-1-1024x580-1.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 09011620a9ca23fd06076c9e55e6a5292522facf4e915cf317fe0e319f781fbb

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
last-modified: Sun, 29 Nov 2020 15:24:11 GMT
server: Apache
accept-ranges: bytes
etag: "713d5-5b5407c53066e"
content-length: 463829
content-type: image/png

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 151 KB
51 KB 46ms
45ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f0e7248e64314f6983225b9dd12f60801e78ab4ef29001698eb334650d93dfbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h: 8-21
content-encoding: gzip
server: Apache
etag: "f372080460c4c0b9c1fd2320598276c5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
date: Sun, 29 Nov 2020 23:11:58 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-13
expires: Sun, 29 Nov 2020 23:41:58 GMT

GET
H2 200 Magecart-skimmer.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/03/ 18 KB
18 KB 263ms
260ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/03/Magecart-skimmer.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

f777461f309eec7451d363c6cb32f4d76dc5e5282a205502ed466f5b281be407

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: MISS cdg 7
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 29 Nov 2020 23:11:58 GMT
server: nginx
etag: "1ae14f6435bab248"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2019/03/Magecart-skimmer.png>; rel="canonical"
content-length: 18768
expires: Wed, 30 Nov 2022 11:11:58 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 122 KB
122 KB 16ms
16ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Fri, 27 Nov 2020 22:56:24 GMT
server: Apache
accept-ranges: bytes
etag: "1e76e-5b51e91e0db61"
content-length: 124782
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Thu, 12 Nov 2020 23:42:22 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5b3f176ab0fdf"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 15ms
14ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Fri, 27 Nov 2020 22:56:17 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5b51e916e3b6e"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 16ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Fri, 27 Nov 2020 22:56:24 GMT
server: Apache
accept-ranges: bytes
etag: "792-5b51e91e148c1"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 18ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 16ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 15ms
14ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 15ms
14ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 15ms
14ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:57 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 e-202048.js Show response
stats.wp.com/ 9 KB
3 KB 72ms
23ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202048.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sun, 29 Nov 2020 23:11:58 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sun, 21 Nov 2021 18:16:38 GMT

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
379 B 439ms
413ms Script
text/javascript 2600:9000:2190:a00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:a00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: ZRH50-C1
etag: "e6e1643313740711175f51662a65b42f"
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: ZDQ7ERXr1uwUuSvvUBcKFBWfTle9m-4896cmovXDO7Js0kVugXhhmw==

GET
H2 200 analytics.js Show response
google-analytics.com/ 46 KB
19 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4841
date: Sun, 29 Nov 2020 21:51:17 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Sun, 29 Nov 2020 23:51:17 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 22ms
19ms Font
application/font-woff 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
H2 200 portal-v2.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 8026 0
0 39ms
12ms Document
text/html 2600:9000:2190:7200:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:7200:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /v1.0/cmp/portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

content-type: text/html; charset=utf-8
accept-ranges: bytes
content-encoding: gzip
last-modified: Thu, 19 Nov 2020 18:19:12 GMT
cache-control: max-age=3600, public
date: Sun, 29 Nov 2020 22:41:05 GMT
etag: W/"83a-175e1bb5500"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: DxycpY_Jps2EJCPgFzZc4VhYHhUztfy8pGSI4ELEMRUrnlNl8Ennyg==
age: 1853

GET headerbid_refresh_alex.php
served-by.pixfuture.com/www/delivery/ Frame E493 0
0

GET
H2 200 /
seguranca-informatica.pt/si-lab-lockergoga-is-the-most-active-ransomware-that-focuses-on-targeting-companies-and-bypass-av-signature-based-detection/embed/ Frame A69C 0
0 703ms
623ms Document
text/html 2606:4700:3035::ac43:9180
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/si-lab-lockergoga-is-the-most-active-ransomware-that-focuses-on-targeting-companies-and-bypass-av-signature-based-detection/embed/

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9180 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.12

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: seguranca-informatica.pt
:scheme: https
:path: /si-lab-lockergoga-is-the-most-active-ransomware-that-focuses-on-targeting-companies-and-bypass-av-signature-based-detection/embed/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=da76b4b7a3de5af3faa24a9846e56986d1606691518; expires=Tue, 29-Dec-20 23:11:58 GMT; path=/; domain=.seguranca-informatica.pt; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.4.12
x-pingback: https://seguranca-informatica.pt/xmlrpc.php
link: <https://seguranca-informatica.pt/wp-json/>; rel="https://api.w.org/", <https://seguranca-informatica.pt/wp-json/wp/v2/posts/5928>; rel="alternate"; type="application/json", <https://seguranca-informatica.pt/?p=5928>; rel=shortlink, </wp-content/cache/minify/f1e98.css>; rel=preload; as=style
x-wp-embed: true
vary: Accept-Encoding
referrer-policy
cf-cache-status: DYNAMIC
cf-request-id: 06b7e00fc200002b4d558d7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JwclKKyTMlPUyjn4udK%2BJ%2BgY28ZOht%2BSGQp7%2BU%2BDanQel9%2B0bI2ljzAab3NBIptJoxkie7UF5jrzOteFnKwgVVS2YqO8MG%2FZy3B6f0ohRD0ccWZyuoy08a%2FfCxxt7Lt0Aq7kR8w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5fa002c60da32b4d-FRA
content-encoding: br
cf-h2-pushed: </wp-content/cache/minify/f1e98.css>

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 115ms
29ms XHR
text/plain 18.195.43.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1606691518193.98254&hostname=securityaffairs.co&location=%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&title=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20against%20companiesSecurity%20Affairs&sop=false&description=LockerGoga%20is%20the%20most%20active%20ransomware%2C%20experts%20warns%20it%20focuses%20on%20targeting%20companies%20and%20bypass%20AV%20signature-based%20detection.%20LockerGoga%C2%A0ransomware%C2%A0is%20a%20crypto-malware%C2%A0that%20loads%20the%20malicious%20file%20on%20the%20system%20from%20an%20infected%20email%20attachment.%20This%20threat%20is%20very%20critical%20these%20days%2C%20and%20it%20is%C2%A0the%20most%20active%20ransomware%20that%20focuses%20on%20targeting%20companies.%C2%A0Altran%C2%A0and%C2%A0Norsk%20Hydro%C2%A0are%20two%20companies%20severely%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.43.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-43-194.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:58 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 195 KB
59 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=135b6f6af5c8ab1f411ce5e84ce17e42&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b292fc4795c1352d954dff9e70fedfc66e04bf339e24f3598539470e8e2efc93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: RQ7zIi557TE1CVk3Zk+Rug==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 60126
etag: "0426c31ddc1cfb86155d646fbea135fe"
x-fb-debug: spUaQyydp70/mjzPDkao4u2Rc/xq8bHMzpWWHX7H2YGV6ILEvN4GAwF8blJNRNs6egN78giJuQjL1vOVDkwd/g==
x-fb-trip-id: 664085054
x-fb-content-md5: d40a33d67babb8aae8d050bf5f88ad3b
x-frame-options: DENY
date: Sun, 29 Nov 2020 23:11:58 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Mon, 29 Nov 2021 21:45:27 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
127 B 39ms
13ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1042648948&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&ul=en-us&de=UTF-8&dt=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20against%20companiesSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=341784292&gjid=547230486&cid=1438483116.1606691518&tid=UA-59069958-1&_gid=1370688059.1606691518&_r=1&_slc=1&did=dNDMyYj&z=1888437734

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
384 B 25ms
13ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1042648948&t=pageview&_s=2&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&ul=en-us&de=UTF-8&dt=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20against%20companiesSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=&gjid=&cid=1438483116.1606691518&tid=UA-59069958-1&_gid=1370688059.1606691518&did=dNDMyYj&z=1390707952

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 13:37:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34470
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ 149 KB
51 KB 122ms
66ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fb9e0e525b6f1c34a61dc457300e88c9c22f5f4082e9a02e39ab9275b05b7497

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-mnt-h: 12-24
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "f3572873abb4a3d8524379c215301c46"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
date: Sun, 29 Nov 2020 23:11:58 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-19
expires: Sun, 29 Nov 2020 23:41:58 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 12D9 6 KB
7 KB 114ms
113ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7ff72094ca6ca5b181a3eb5fb9164183b8fdccefda93f16a129471aa49c22dee

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 14F2 6 KB
7 KB 225ms
115ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 04b62bed8ce2a7828bd87ba7181696461ce7e061ab088e83c377e1cd8146032c

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 29ms
29ms Image
text/plain 18.195.43.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1606691518193.98254&hostname=securityaffairs.co&location=%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&title=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20against%20companiesSecurity%20Affairs&sop=false&description=LockerGoga%20is%20the%20most%20active%20ransomware%2C%20experts%20warns%20it%20focuses%20on%20targeting%20companies%20and%20bypass%20AV%20signature-based%20detection.%20LockerGoga%C2%A0ransomware%C2%A0is%20a%20crypto-malware%C2%A0that%20loads%20the%20malicious%20file%20on%20the%20system%20from%20an%20infected%20email%20attachment.%20This%20threat%20is%20very%20critical%20these%20days%2C%20and%20it%20is%C2%A0the%20most%20active%20ransomware%20that%20focuses%20on%20targeting%20companies.%C2%A0Altran%C2%A0and%C2%A0Norsk%20Hydro%C2%A0are%20two%20companies%20severely%20%5B%E2%80%A6%5D&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&description=LockerGoga%20is%20the%20most%20active%20ransomware%2C%20experts%20warns%20it%20focuses%20on%20targeting%20companies%20and%20bypass%20AV%20signature-based%20detection.%20LockerGoga%C2%A0ransomware%C2%A0is%20a%20crypto-malware%C2%A0that%20loads%20the%20malicious%20file%20on%20the%20system%20from%20an%20infected%20email%20attachment.%20This%20threat%20is%20very%20critical%20these%20days%2C%20and%20it%20is%C2%A0the%20most%20active%20ransomware%20that%20focuses%20on%20targeting%20companies.%C2%A0Altran%C2%A0and%C2%A0Norsk%20Hydro%C2%A0are%20two%20companies%20severely%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.43.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-43-194.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:58 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 88 KB
25 KB 468ms
468ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=733976884&size=300x250&cc=FR&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&nse=5&vi=1606691518297687650&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0c8b60aa4f426dbbbec00d6391e3e3a1e00f081e5609b995cc810e2e92da278f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Sun, 29 Nov 2020 23:11:58 GMT
x-mnt-w: 10-8, 10-15
content-length: 24878
expires: Sun, 29 Nov 2020 23:16:58 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame BDE5 0
0 36ms
36ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 02 Jun 2021 23:11:58 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 01 Dec 2020 23:11:58 GMT
date: Sun, 29 Nov 2020 23:11:58 GMT
content-length: 5434

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 87ms
27ms Image
image/gif 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=733976884&vi=1606691518297687650&ugd=4&lf=6&cc=FR&sc=IDF&wsip=2886781336&r=1606691518512&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001606691518507013824209925961&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 29 Nov 2020 23:11:58 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 16ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 8
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
x-bytes-saved: 46713
last-modified: Tue, 09 Jun 2020 04:10:18 GMT
server: nginx
etag: "d363e105767b4cc2"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Thu, 09 Jun 2022 16:10:18 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 16ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 2
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
last-modified: Tue, 02 Jun 2020 21:24:46 GMT
server: nginx
etag: "fed3375b73064b64"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
content-length: 10314
expires: Fri, 03 Jun 2022 09:24:46 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
8 KB 17ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 5
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 26 Oct 2020 09:04:45 GMT
server: nginx
etag: "eef46ddfcc445bef"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Wed, 26 Oct 2022 21:04:45 GMT

GET
H2 200 1f602.svg
s.w.org/images/core/emoji/13.0.0/svg/ 2 KB
970 B 47ms
15ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f602.svg

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

1752c287f6fbbb65e1c982399584bbc9b1e0c46f0dc181cda9b8028dc60c4c01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT cdg 2
date: Sun, 29 Nov 2020 23:11:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:53 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html
platform.twitter.com/widgets/ Frame BCC1 0
0 6ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fsecurityaffairs.co
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40EA) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 450505
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Nov 2020 23:11:58 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Thu, 01 Oct 2020 21:50:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40EA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H/1.1 200
OK horizon_tweet.716ef7f4c155526f8ec8e60dbd2fbf56.js Show response
platform.twitter.com/js/ 6 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.716ef7f4c155526f8ec8e60dbd2fbf56.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4188) /
Resource Hash: b8e8fe9b8ca280dc3c982691064e62ba97c8f2c192a17dfe74430c7cf73cb4de

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 21:49:51 GMT
Server: ECS (fcn/4188)
Age: 450505
Etag: "15d6bf68a8d65b293e52ddc833724ed4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2195

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 25ms
24ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.1&blog=29506073&post=82684&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=1872&rand=0.9400304095944154
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1042648948&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&ul=en-us&de=UTF-8&dt=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20against%20companiesSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUABAAAAAC~&jid=&gjid=&cid=1438483116.1606691518&tid=UA-59069958-1&_gid=1370688059.1606691518&_slc=1&did=dNDMyYj&z=858344754

Requested by

Host: google-analytics.com
URL: https://google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
58 B 6ms
6ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1042648948&t=pageview&_s=2&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&ul=en-us&de=UTF-8&dt=%5BSI-LAB%5D%20LockerGoga%20is%20the%20most%20active%20ransomware%20against%20companiesSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUABAAAAAC~&jid=&gjid=&cid=1438483116.1606691518&tid=UA-59069958-1&_gid=1370688059.1606691518&did=dNDMyYj&z=978922107

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 13:37:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34470
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 82 KB
23 KB 451ms
450ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=829833831&size=300x250&cc=FR&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&nse=5&vi=1606691518931711683&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a17c88a7e304fc6f09e3c55651d1affc065dd91ec0d28ea94ec17064c4c04c31

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Sun, 29 Nov 2020 23:11:59 GMT
x-mnt-w: 10-16, 10-15
content-length: 23790
expires: Sun, 29 Nov 2020 23:16:59 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 67FF 0
0 47ms
45ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 02 Jun 2021 23:11:58 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 01 Dec 2020 23:11:58 GMT
date: Sun, 29 Nov 2020 23:11:58 GMT
content-length: 5434

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 85 KB
24 KB 460ms
460ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=FR&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&nse=5&vi=1606691518509799971&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9bc4e70acb2b43913916562f088e10d8f8058c9ffcaa8c92599c6dbd907fa4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Sun, 29 Nov 2020 23:11:59 GMT
x-mnt-w: 10-16, 10-4
content-length: 24612
expires: Sun, 29 Nov 2020 23:16:59 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 90B5 0
0 51ms
49ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 02 Jun 2021 23:11:58 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 01 Dec 2020 23:11:58 GMT
date: Sun, 29 Nov 2020 23:11:58 GMT
content-length: 5434

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 83 KB
24 KB 569ms
568ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=FR&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&nse=5&vi=1606691518775536445&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8b69f9c8ef496be5c628630ae1292422ff4bb0cd40ca74557fdebd233d50251e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Sun, 29 Nov 2020 23:11:59 GMT
x-mnt-w: 8-15, 8-7
content-length: 24485
expires: Sun, 29 Nov 2020 23:16:59 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 192F 0
0 68ms
67ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 02 Jun 2021 23:11:58 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 01 Dec 2020 23:11:58 GMT
date: Sun, 29 Nov 2020 23:11:58 GMT
content-length: 5434

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 83 KB
24 KB 688ms
687ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=FR&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&nse=5&vi=1606691518196914996&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b19fbd45a248505d06f1021b814ef9599af2939129d560db0e28a3fc88ba5d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Sun, 29 Nov 2020 23:11:59 GMT
x-mnt-w: 8-13, 8-8
content-length: 24464
expires: Sun, 29 Nov 2020 23:16:59 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 85E5 0
0 93ms
93ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 02 Jun 2021 23:11:58 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 01 Dec 2020 23:11:58 GMT
date: Sun, 29 Nov 2020 23:11:58 GMT
content-length: 5434

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 77 KB
24 KB 534ms
534ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=FR&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&nse=5&vi=1606691518466571420&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0af5ce4b63512fe6cfc3be87a6113749455acceaa97d7686f1f207ccbdec33e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Sun, 29 Nov 2020 23:11:59 GMT
x-mnt-w: 10-7, 10-2
content-length: 23943
expires: Sun, 29 Nov 2020 23:16:59 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 3DCE 0
0 85ms
84ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Wed, 02 Jun 2021 23:11:58 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 01 Dec 2020 23:11:58 GMT
date: Sun, 29 Nov 2020 23:11:58 GMT
content-length: 5434

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 26ms
25ms Image
image/gif 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=829833831&vi=1606691518931711683&ugd=4&lf=6&cc=FR&sc=IDF&lper=100&wsip=2886781044&r=1606691518718&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001606691518712013824209926600&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 29 Nov 2020 23:11:58 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 56ms
29ms Image
image/gif 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1606691518509799971&ugd=4&lf=6&cc=FR&sc=IDF&lper=100&wsip=2886781044&r=1606691518734&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001606691518730013824209921959&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 29 Nov 2020 23:11:58 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 47ms
15ms Image
image/gif 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1606691518775536445&ugd=4&lf=6&cc=FR&sc=IDF&lper=100&wsip=2886781044&r=1606691518743&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001606691518730013824209921959&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 29 Nov 2020 23:11:58 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 82ms
33ms Image
image/gif 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1606691518196914996&ugd=4&lf=6&cc=FR&sc=IDF&wsip=2886781044&r=1606691518753&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001606691518751013824209928959&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 29 Nov 2020 23:11:58 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 84ms
36ms Image
image/gif 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1606691518466571420&ugd=4&lf=6&cc=FR&sc=IDF&lper=100&wsip=2886781044&r=1606691518760&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001606691518758013824209921354&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:58 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 29 Nov 2020 23:11:58 GMT

GET
H/1.1 200
OK index.html
platform.twitter.com/embed/ Frame A766 0
0 7ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1088776185805459457&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=500px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40FC) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1406
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Nov 2020 23:11:58 GMT
Etag: "926a30878e3bd5d4f4fe2bb443f263be"
Last-Modified: Tue, 24 Nov 2020 18:00:07 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40FC)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 577

GET
H/1.1 200
OK index.html
platform.twitter.com/embed/ Frame 93EC 0
0 12ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-1&frame=false&hideCard=false&hideThread=false&id=1104082562216062978&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=500px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40D0) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 902
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Nov 2020 23:11:58 GMT
Etag: "926a30878e3bd5d4f4fe2bb443f263be"
Last-Modified: Tue, 24 Nov 2020 18:00:07 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40D0)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 577

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame B666 37 KB
37 KB 153ms
127ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d26e98e9600c9cea41a4f28dee915eedd266f450849d151a7f653d1738917de

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 23 Nov 2020 17:49:07 GMT
server: cloudflare
etag: "5fbbf613-9275"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u9C%2FG3xK%2BL21FyFs8GaYplqZZm5Is3Vj15vqMgpRytOYYkYfRk3ODy7VZvMgLC1XysDuyHzQn1bHSXSzOn9IXMXDWxnvs8QUYy8ZyElOmLTfrn31DVGazzn9uvxuMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5fa002c8a8ccd715-FRA
content-length: 37493
cf-request-id: 06b7e0116e0000d715ec958000000001
expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H2 200 prebid_uids2.js Show response
cdn.pixfuture.com/ Frame B666 307 KB
308 KB 154ms
128ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0d3d5e8244dc1528570498005e8b963908ad2efe06639f7fb3bfaeec5a10daa

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 29 Oct 2020 18:44:42 GMT
server: cloudflare
etag: "5f9b0d9a-4cd27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jENvGh%2B%2FISosYaCDFZHvwAYBxu3Ztx%2B1s85JVlBK2pzRei%2BojiUF2PhMp9rCGxW7LLlUY5l6m5wQoTAn%2FL%2FqgGBRLSuvCHn4CU6da%2Ftk1NtTcYrqB2pE21HGwynkWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5fa002c8b8cfd715-FRA
content-length: 314663
cf-request-id: 06b7e0116f0000d715388f7000000001
expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame DC14 37 KB
37 KB 109ms
109ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d26e98e9600c9cea41a4f28dee915eedd266f450849d151a7f653d1738917de

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 23 Nov 2020 17:49:07 GMT
server: cloudflare
etag: "5fbbf613-9275"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cQoyp2hRtoh8%2BKEIOgiANhhag3VTi4HppxZxzVWRTB3huFdcJCM9i6o3bgJuAnqdxN1OQY1goAw0FsuQqdwlw2eybHrVFR%2FDJtNNVb7iHhm8%2FM7AK9vkxcSvKCjK%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5fa002c8f952d715-FRA
content-length: 37493
cf-request-id: 06b7e011a00000d7157f994000000001
expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H2 200 prebid_uids2.js Show response
cdn.pixfuture.com/ Frame DC14 307 KB
308 KB 120ms
120ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0d3d5e8244dc1528570498005e8b963908ad2efe06639f7fb3bfaeec5a10daa

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:58 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 29 Oct 2020 18:44:42 GMT
server: cloudflare
etag: "5f9b0d9a-4cd27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HpRkpWT8bxvS5Es1ox5X1vkq6WYoNy%2B3%2F1hy%2BofdC3Sj0R7gKcUVr89R5afM0hEOyY%2FKOrrivnKXWwvUhCXg1KLl7K8JtKF4PG0WCoCM8jLRdlZ62tnSUO6GJTraKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5fa002c90954d715-FRA
content-length: 314663
cf-request-id: 06b7e011a10000d71531339000000001
expires: Tue, 01 Dec 2020 23:11:58 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame B666 87 KB
88 KB 131ms
131ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sNkrGRSG1A2lH%2BNVrIIomhNaoATgnz8Apjg5ucCkOtignLi3sMV1Ewi%2B8av%2F6Ui1KVL2jJl82cd2PSBARkWL8yDc0Ixor%2F0WhAaUKEAOFNZGytLNERQSQyg%2B2DU%2Fbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5fa002c99a51d715-FRA
content-length: 89476
cf-request-id: 06b7e012040000d7152b29c000000001
expires: Tue, 01 Dec 2020 23:11:59 GMT

GET
H2 200 nrrV97497.js Show response
contextual.media.net/4a/ Frame 2709 92 KB
30 KB 47ms
47ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV97497.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6b9b6ac54c0e2971948a958e12b6cad2"
vary: Accept-Encoding
x-mnet-h: 12-27
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sun, 29 Nov 2020 23:11:59 GMT
content-length: 30495
expires: Sun, 13 Dec 2020 23:11:59 GMT

GET
H2 200 1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame 2709 42 B
205 B 30ms
30ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800028474/1x1.gif

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 04 Jun 2018 10:04:19 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=348193
accept-ranges: bytes
content-length: 42
expires: Thu, 03 Dec 2020 23:55:12 GMT

GET
DATA 200
OK truncated
/ Frame 2709 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2709 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Open-sans.woff
contextual.media.net/__media__/fonts/Open-sans/ Frame 2709 24 KB
25 KB 93ms
37ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/Open-sans/Open-sans.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f8b56f5b126fd70a53e7d280ce31a5048a39ef1c2784b280ed7bd53c26165e9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 24884
expires: Mon, 30 Nov 2020 23:11:59 GMT

GET
H2 200 bullet12.woff
contextual.media.net/__media__/fonts/bullet12/ Frame 2709 2 KB
2 KB 112ms
56ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet12/bullet12.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1716
expires: Mon, 30 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame B666 1 KB
2 KB 155ms
42ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2222c0fbf4996408%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.1%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&s=4c0bcd33-2424-48ab-a21a-2fedd9743f1e&pv=12b68ee8-6065-41c3-9c38-fc4e483590ea&vp=mobile&lib_name=prebid&lib_v=3.25.0&us=0&ius=1&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=silab%2Clockergoga%2Cis%2Cmost%2Cactive%2Cransomware%2Cagainst%2Ccompaniessecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

cdd71bb838d270d99e161f0323cc51f5f0321cb1a1c03da45a70611ac11ad5ad

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:59 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 586
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 hb Show response
ice.360yield.com/ Frame B666 94 B
310 B 111ms
29ms XHR
application/json 52.58.124.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2213085e182a29de1%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%224f95c2da1d1246%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22pid%22%3A22292114%2C%22tid%22%3A%22ec6b6da3-2a01-488d-8d1d-9e18a31c9a8b%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.124.95 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-124-95.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 0b5d4c577cdc94d8936258dab03fd9372f97fd3d078a28eea71bd33a22fa7652

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sun, 29 Nov 2020 23:11:59 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 94
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame B666 0
504 B 311ms
111ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
server: envoy
cwdl: 22/4211
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
cw-server: bid-deployment-644998f8f8-wft46

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame B666 0
117 B 156ms
76ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sun, 29 Nov 2020 23:11:59 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame B666 173 B
562 B 129ms
74ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=ec6b6da3-2a01-488d-8d1d-9e18a31c9a8b&nocache=1606691519039&gdpr=0&pubcid=b9caa8ae-aa4d-4986-9106-cf4563236eb9&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divIds=24272x320x50x4142x_ADSLOT1&auid=540580841&tps=bXlrZXl3b3JkPXNpbGFiLGxvY2tlcmdvZ2EsaXMsbW9zdCxhY3RpdmUscmFuc29td2FyZSxhZ2FpbnN0LGNvbXBhbmllc3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9c2lsYWIsbG9ja2VyZ29nYSxpcyxtb3N0LGFjdGl2ZSxyYW5zb213YXJlLGFnYWluc3QsY29tcGFuaWVzc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.198.0 /
Resource Hash: 2f4af55775a29871ee20a5c616244393aeca1b6a1dd14ccf8353d9aac03467a0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
server: OXGW/16.198.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B666 144 B
1 KB 158ms
81ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

c9ce09128abe5630215b4f6366451be4a80df67279ab8b526b10eebb3dc93757

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:59 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.44:80
AN-X-Request-Uuid: fec1e544-7fd9-4ca9-9d7f-4e4e531ce3a7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame DC14 87 KB
88 KB 115ms
112ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tUlGmDb51TcSY6kzXgr8ki8%2F9pH7ex8lVtioQBcyEphOlei3SehVoBnQLwHDXTy3ngJO5sXqN9V98M5QLDLWZARwQXFTkIImd%2FIwZsXn9ZUJs79YZo0XHrtf6tg8JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5fa002ca0af7d715-FRA
content-length: 89476
cf-request-id: 06b7e012490000d7153c398000000001
expires: Tue, 01 Dec 2020 23:11:59 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame DC14 138 B
834 B 86ms
25ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

a1e6f7fbcaafd2b0204795146aaebad17070005c8682a26a526b6b4ef85627d3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:59 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.235:80
AN-X-Request-Uuid: 6dfaa4a4-22d1-4028-9860-0b3c2adde62f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame DC14 0
45 B 869ms
694ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 600
x-no-bid-reason: Request Timeout
date: Sun, 29 Nov 2020 23:11:59 GMT
server: envoy

GET
H2 200 hb Show response
ice.360yield.com/ Frame DC14 94 B
311 B 84ms
29ms XHR
application/json 52.58.124.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2217edf72b37aa71b%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2263edfaf8b7ce79%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22pid%22%3A22254128%2C%22tid%22%3A%223caf5c86-46ff-4a87-bf76-47cbdee14472%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.124.95 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-124-95.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e911fa785eab7795cd8b3d09347ef0e8c72af831dc123c77b67865465115152f

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sun, 29 Nov 2020 23:11:59 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 94
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame DC14 173 B
360 B 143ms
112ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=3caf5c86-46ff-4a87-bf76-47cbdee14472&nocache=1606691519064&gdpr=0&pubcid=b9caa8ae-aa4d-4986-9106-cf4563236eb9&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divIds=24270x300x250x4142x_ADSLOT1&auid=540580840&tps=bXlrZXl3b3JkPXNpbGFiLGxvY2tlcmdvZ2EsaXMsbW9zdCxhY3RpdmUscmFuc29td2FyZSxhZ2FpbnN0LGNvbXBhbmllc3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9c2lsYWIsbG9ja2VyZ29nYSxpcyxtb3N0LGFjdGl2ZSxyYW5zb213YXJlLGFnYWluc3QsY29tcGFuaWVzc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.198.0 /
Resource Hash: 926c8c62ed3b736bcad2e677f98afa8558b5606bf58f4131018237c103a1c367

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
server: OXGW/16.198.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

403

ADTECH;apid=1A485805a2-3298-11eb-aa99-12e650fea264;cfp=1;rndc=1606691518;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ Frame DC14
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065;
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;cfp=1;rndc=1606691519;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;apid=1A485805a2-3298-11eb-aa99-12e650fea264;cfp=1;rndc=1606691518;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=160669151...

0
26 B

100ms
99ms

XHR
text/plain

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;apid=1A485805a2-3298-11eb-aa99-12e650fea264;cfp=1;rndc=1606691518;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: nginx
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://securityaffairs.co
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: nginx
access-control-allow-origin: https://securityaffairs.co
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/NaN/0/0/ADTECH;apid=1A485805a2-3298-11eb-aa99-12e650fea264;cfp=1;rndc=1606691518;v=2;cmd=bid;cors=yes;alias=19be31b18e501c4;misc=1606691519065
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame DC14 0
61 B 137ms
85ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sun, 29 Nov 2020 23:11:59 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame DC14 1 KB
2 KB 141ms
49ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2214e4fedc3a321d9%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.1%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&s=23cc2095-73b2-4f38-8ccb-771d5494e286&pv=a6961336-0617-4de7-8d80-c1a873adc1aa&vp=mobile&lib_name=prebid&lib_v=3.25.0&us=0&ius=1&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=silab%2Clockergoga%2Cis%2Cmost%2Cactive%2Cransomware%2Cagainst%2Ccompaniessecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

16c8890f684883553698412cbb368f9088b51324edbff396ade8963559ff0400

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:59 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 585
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 2 Show response
prebid.mgid.com/prebid/ Frame DC14 0
595 B 147ms
96ms XHR
text/plain 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.mgid.com/prebid/2
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 3c66fe63-f1db-49d9-8569-6664b494081c
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://securityaffairs.co
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 5fa002ca8ae9331c-CDG
cf-request-id: 06b7e012970000331cfa384000000001
server: cloudflare

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 2709 15 B
397 B 26ms
26ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001606691518507013824209925961&geo=48.87|2.33&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYNSPEXR-MeV5rdj1I3GL-pywp82zx5k51qo-EfNpa91BNa1bM1834NI2OrpPFYstATK7VCU7UItb&lpid=&tsid=1&q=&prv=&type=&ps=&cme=hbAA2rMEkLQ8Js-Yi-rzzL6aLf5_1yPmXIFdRv9h8Rp_R-aP0Amo4jX_SPeczIqqy9cmfgnA6xveNBAf_ZQ15zQaloCTVm88wxI9B5ixkA4YTqPALjjcE5ORST9NGuu0tESlH5A-P2U2UIZnhZVxCD1oeoUtnAk9DpGPbQRcbOKDHABI8C2lbfxrmRG8fqEhDNUpxd7UfCc0ADlAElz7pjAoc5V7_m3L%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ%3D%7CN7fu2vKt8_s%3D%7CEPBhJF57B9HOD0dIZpeZ0Z3J7mrUaYP9TdWslegBnEPJ_VnzA3k34XgZBnbJ_jRA4B3XFORlHoPU_NShFpxuJrDmfjV5-E3FltKw6N80hsk1SvmwKLrRW3b3vndBB75G9xXOOuEVoG7vUwaUyuot6RL55HSun_4oqmq5wndLTEKXwxu9s-VU11tSpr_9iiligIlS-NPXeKKjWPpGi9e6jA%3D%3D%7C&hint=&td=&cc=FR&wsip=2887305234&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=439&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329809631&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D1.98&ktd[]=563774604050688&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=326729916&kbc2[]=ps%3D0.856%7C%7Crpc%3D2.09%7C%7Clvl%3D1.00&ktd[]=1407649778368768&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=330029440&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.59%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.23%7C%7Clvl%3D2.16&ktd[]=563224848236800&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329900794&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D2.64&ktd[]=563224848236800&rand=1606691519075&cid=8CU5BD6EW&vwid=1606691518297687650&vi=1606691518297687650&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=IDF&vgd_l1rakh=1606691518183785746&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1606691518507&upk=1606691518.3430&hvsid=00001606691518507013824209925961&verid=111299&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&pid=8PO5M70HK&katen=1&pc=35&matm=1606691519081&vgd_ltime=620&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=IDF&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807056986&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D35&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305297&vgd_nrrsf=nrr&vgd_nrrv=97497&vgd_nrrs=97497&vgd_nrrmf=4a&vgd_cntrdt=S%7CDIV&vgd_x_pos=320&vgd_y_pos=11717&vgd_ren_page_h=13510&vgd_cty=PARIS&vgd_l1hcsd=C24%7C7866&vgd_sethcsd=N7%7C8005&vgd_cfud=200218&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500433&vgd_optout=0&vgd_ect=4g&vgd_rensize=630_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DFR%26isOffice%3D0%26fvips%3D0%26vi%3D1606691518297687650%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D733976884%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f82684%252fmalware%252flockergoga-ransomware-spreads.html%26%26katid%3D807056986%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A630%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:11:59 GMT

POST
H2 200 log
navvy.media.net/ Frame 2709 807 B
997 B 627ms
308ms Other
image/gif 54.183.20.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.20.34 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-20-34.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H2 200 nrrV97497.js Show response
contextual.media.net/4a/ Frame 7E57 92 KB
30 KB 41ms
41ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV97497.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6b9b6ac54c0e2971948a958e12b6cad2"
vary: Accept-Encoding
x-mnet-h: 12-27
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sun, 29 Nov 2020 23:11:59 GMT
content-length: 30495
expires: Sun, 13 Dec 2020 23:11:59 GMT

GET
DATA 200
OK truncated
/ Frame 7E57 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7E57 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7E57 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 nrrV97497.js Show response
contextual.media.net/4a/ Frame 06D0 92 KB
30 KB 43ms
43ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV97497.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6b9b6ac54c0e2971948a958e12b6cad2"
vary: Accept-Encoding
x-mnet-h: 12-27
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sun, 29 Nov 2020 23:11:59 GMT
content-length: 30495
expires: Sun, 13 Dec 2020 23:11:59 GMT

GET
DATA 200
OK truncated
/ Frame 06D0 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 06D0 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet13.woff
contextual.media.net/__media__/fonts/bullet13/ Frame 06D0 2 KB
2 KB 30ms
29ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet13/bullet13.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1692
expires: Mon, 30 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 7E57 15 B
397 B 26ms
25ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001606691518712013824209926600&geo=48.87|2.33&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYNSPEXR-MeV5rdj1I3GL-pywp82zx5k51qo-EfNpa91BNa1bM1834NI5yJ8SWHXctckRzaDHEUkH&lpid=&tsid=1&q=&prv=&type=&ps=&cme=-d4X23YyCQb9CxJmoouKEHG3ra_YYE4uDCHArNss3kMsSKN7gpheYeKfX9696TK4NqdfvO36zXSbKbWuIsfSxoW1hDq62uF_EDYPUSndYMMcKZ6fbqlrANtvZqGCXobl3hPqQv8iC-tYV3NTo0L5jcINRwJdH_f8bbz3HcS9h881XRtLlcAXs2WtREXaMvd-lBDMoPUfCnbs6RJ-4HmJFs9T0aaKgkx9%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ%3D%7CN7fu2vKt8_s%3D%7CGMZqOVHbTPOrwE38M_NELLJNtM3TieQKz9rCwkg8QBu6XG9onTDwmOIfg4p7k7fdwHPmMKGVfL4oWoxkeQoYKHyYvM5ek6ZK05BtX7vtJy4MsivxPnouIcahKeFjQOFKp3dTRrGLkj1h2yPDvdSJITbKKuEEoUIsRSvnqviJlgfPMpu9s1m9PzixpBiXHzGf52kUMnOYd-_puimMbwkCkA%3D%3D%7C&hint=&td=&cc=FR&wsip=2887305298&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=439&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329809631&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D1.98&ktd[]=563774604050688&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=326729916&kbc2[]=ps%3D0.856%7C%7Crpc%3D2.09%7C%7Clvl%3D1.00&ktd[]=1407649778368768&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=330029440&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.59%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.23%7C%7Clvl%3D2.16&ktd[]=563224848236800&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329900794&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D2.64&ktd[]=563224848236800&rand=1606691519239&cid=8CU5BD6EW&vwid=1606691518931711683&vi=1606691518931711683&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=IDF&vgd_l1rakh=1606691518139817050&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1606691518712&upk=1606691518.3430&hvsid=00001606691518712013824209926600&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=92&matm=1606691519244&vgd_ltime=536&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=IDF&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=804340239&vgd_katbid=-21&vgd_kals=ttype%3D10017%7C%7Cpc%3D92&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305297&vgd_nrrsf=nrr&vgd_nrrv=97497&vgd_nrrs=97497&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-829833831%7CDIV&vgd_x_pos=320&vgd_y_pos=518&vgd_ren_page_h=14024&vgd_cty=PARIS&vgd_l1hcsd=A21%7C7866&vgd_sethcsd=N7%7C8005&vgd_cfud=200721&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500433&vgd_optout=0&vgd_ect=4g&vgd_rensize=630_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DFR%26isOffice%3D0%26fvips%3D0%26vi%3D1606691518931711683%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D829833831%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f82684%252fmalware%252flockergoga-ransomware-spreads.html%26%26katid%3D804340239%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A630%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:11:59 GMT

POST
H2 200 log
navvy.media.net/ Frame 7E57 807 B
997 B 500ms
307ms Other
image/gif 54.183.20.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.20.34 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-20-34.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 06D0 15 B
397 B 21ms
20ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001606691518730013824209921959&geo=48.87|2.33&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYNSPEXR-MeV5rdj1I3GL-pywp82zx5k51qo-EfNpa91BNa1bM1834NIQsR_Ewbpb7J3FbLtHvC9p&lpid=&tsid=1&q=&prv=&type=&ps=&cme=hbAA2rMEkLTTPEoK8WuuqYxC4QzAiLJuiUaPfvWTBJFFWe0YBC8C9iqorRLSbz5oHSn-aNj2aEBILPXhgn8MvSMQo3cEL146FLJ13ij6oINHgph30IKq9b0cyXixzAmrCXA-mFjXsAuQ4JptnRhLin-5couidJk24B1sVSv4AuOZAo3Vkxz2JJyy-OFeYjMhhAtK7l_8yroEl4B9A5ggWmEUli8D3AjO%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ%3D%7CN7fu2vKt8_s%3D%7CP9ruKACafSvah_Ss-ROzjLexYls3FCXcAJLoJ_mtJlPgzM5E0PZVsukJ9eZUwwPjxE5EeDNb7N_0tl5cUbLgWdY-NgxImbucdg9VH9PlAjlK9xNLXuUMeiPF-mJ_yxKEerOksVqG15NLMtZjNtFbWgEWwu1IDOldhiFauVrdKHQneaPZ5x6oke3sCzjHzA6H55ZbtuXuChl2VX7oYWgYkg%3D%3D%7C&hint=&td=&cc=FR&wsip=2887305298&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=439&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329809631&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D1.98&ktd[]=563774604050688&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=326729916&kbc2[]=ps%3D0.856%7C%7Crpc%3D2.09%7C%7Clvl%3D1.00&ktd[]=1407649778368768&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=330029440&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.59%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.23%7C%7Clvl%3D2.16&ktd[]=563224848236800&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329900794&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D2.64&ktd[]=563224848236800&rand=1606691519265&cid=8CU5BD6EW&vwid=1606691518509799971&vi=1606691518509799971&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=IDF&vgd_l1rakh=1606691518139817050&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1606691518730&upk=1606691518.3430&hvsid=00001606691518730013824209921959&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=21&matm=1606691519268&vgd_ltime=540&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=IDF&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807056980&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D21&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305230&vgd_nrrsf=nrr&vgd_nrrv=97497&vgd_nrrs=97497&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=327&vgd_y_pos=11623&vgd_ren_page_h=14024&vgd_cty=PARIS&vgd_l1hcsd=A21%7C7866&vgd_sethcsd=N7%7C8005&vgd_cfud=200203&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500433&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DFR%26isOffice%3D0%26fvips%3D0%26vi%3D1606691518509799971%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f82684%252fmalware%252flockergoga-ransomware-spreads.html%26%26katid%3D807056980%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:11:59 GMT

POST
H2 200 log
navvy.media.net/ Frame 06D0 807 B
997 B 478ms
308ms Other
image/gif 54.183.20.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.20.34 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-20-34.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H2 200 nrrV97497.js Show response
contextual.media.net/4a/ Frame A482 92 KB
30 KB 46ms
45ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV97497.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6b9b6ac54c0e2971948a958e12b6cad2"
vary: Accept-Encoding
x-mnet-h: 12-27
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sun, 29 Nov 2020 23:11:59 GMT
content-length: 30495
expires: Sun, 13 Dec 2020 23:11:59 GMT

GET
DATA 200
OK truncated
/ Frame A482 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A482 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet3.woff
contextual.media.net/__media__/fonts/bullet3/ Frame A482 2 KB
2 KB 36ms
36ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet3/bullet3.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1688
expires: Mon, 30 Nov 2020 23:11:59 GMT

GET
H2 200 nrrV97497.js Show response
contextual.media.net/4a/ Frame FF38 92 KB
30 KB 39ms
38ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV97497.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6b9b6ac54c0e2971948a958e12b6cad2"
vary: Accept-Encoding
x-mnet-h: 12-27
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sun, 29 Nov 2020 23:11:59 GMT
content-length: 30495
expires: Sun, 13 Dec 2020 23:11:59 GMT

GET
DATA 200
OK truncated
/ Frame FF38 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FF38 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet3.woff
contextual.media.net/__media__/fonts/bullet3/ Frame FF38 2 KB
2 KB 31ms
31ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet3/bullet3.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1688
expires: Mon, 30 Nov 2020 23:11:59 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 5B1A 90 KB
32 KB 40ms
19ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b54ef0645d382df73c0d53c8cc9217c1145c102bf51ec70ab321782343d1852

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 32285
x-xss-protection: 0
server: cafe
etag: 16266954004979377396
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame B666 3 KB
3 KB 87ms
87ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v732
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:59 GMT
Last-Modified: Mon, 06 Jul 2020 13:30:16 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f032768-a4e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2638
Expires: Tue, 01 Dec 2020 23:11:59 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame A482 15 B
397 B 17ms
16ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001606691518758013824209921354&geo=48.87|2.33&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYNSPEXR-MeV5jeh0rh9ECKij3x2UK7Xb4eBd7hLJDUUeylVD6mgOf-BmrJJzl5YPjYZoU_hMjwPm&lpid=&tsid=1&q=&prv=&type=&ps=&cme=7dPTaC80jmPAlug99J5W3U6QKWjUEviDWcyTZJxpK4Lt6s3qliBpSoCvdIZkXMAyNqaRq1OnvVW4DdSaA4PUXhuvnGMZK8_AmU9UFrbvYaRVcNz8HLrIIZ01xDW_MzvysD6_9PbcIEFpCtuFT1ZcGMLy9o3VTPCdYd97GKOGcRo7f8TicKLI_clRuvtfnVq2qgLwFbJWS3ZRAYSPPsHPqw%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ%3D%7CN7fu2vKt8_s%3D%7CeyOPkfgOPIgup0g_wcbUZ8-ofmAfEcfUxPit1EL6Zx02QUZwAVWk-BroDakYw5r7dn47qD4vKY-N3auoJwx_lhtXxa6-eylAOQtFQIWRdROrkQumb-5LUbcqClf5kipdVUKRHgs8EczBoyD5MYAFjdONczlCCkZ26l_pyserovEultloCsbkGRFAlyKbuw0Ih_03LlzT9-i8vr4bgY3s-Q%3D%3D%7C&hint=&td=&cc=FR&wsip=2887305233&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=439&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329809631&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D1.98&ktd[]=563774604050688&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=326729916&kbc2[]=ps%3D0.856%7C%7Crpc%3D2.09%7C%7Clvl%3D1.00&ktd[]=1407649778368768&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=330029440&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.59%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.23%7C%7Clvl%3D2.16&ktd[]=563224848236800&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329900794&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D2.64&ktd[]=563224848236800&rand=1606691519366&cid=8CU5BD6EW&vwid=1606691518466571420&vi=1606691518466571420&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=IDF&vgd_l1rakh=1606691518139817050&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1606691518758&upk=1606691518.3430&hvsid=00001606691518758013824209921354&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=9&matm=1606691519375&vgd_ltime=619&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=IDF&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807619797&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D9&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305228&vgd_nrrsf=nrr&vgd_nrrv=97497&vgd_nrrs=97497&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=466&vgd_ren_page_h=14281&vgd_cty=PARIS&vgd_l1hcsd=A21%7C7866&vgd_sethcsd=N7%7C8005&vgd_cfud=200313&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500433&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DFR%26isOffice%3D0%26fvips%3D0%26vi%3D1606691518466571420%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f82684%252fmalware%252flockergoga-ransomware-spreads.html%26%26katid%3D807619797%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:11:59 GMT

POST
H2 200 log
navvy.media.net/ Frame A482 807 B
997 B 378ms
315ms Other
image/gif 54.183.20.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.20.34 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-20-34.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame FF38 15 B
397 B 26ms
26ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001606691518730013824209921959&geo=48.87|2.33&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYNSPEXR-MeV5jeh0rh9ECKij3x2UK7Xb4eBd7hLJDUUeylVD6mgOf-B8G7-9bWs6O5l5TmmjAKOO&lpid=&tsid=1&q=&prv=&type=&ps=&cme=hbAA2rMEkLSPcfmUidA0RNfb6kjks3rwMI1fc1dVMgWr9ERDMfKyl_FI7STDAdiJ7En0MUhJzZT4CDPCmJN_EFVtC8ZW-ZCHvYokP6SuFW-zpkK-SiZNf_13p653DPjycNoLUVHo_cS-sWsZ9Skr1sK0Iuq0h8h5RI2G8zhc1Tk2hPLpxJghnaD9Ijq4zEyIHPtgyAbg7CaE09PYYS9ugsvc9e-kgeaB%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ%3D%7CN7fu2vKt8_s%3D%7C3g4ZNj2T47tGtoHTE5m-yYI2SIv5EbVUtLh6pqxe-LfplEVLs8tEXHX1O4IdUSnnPPqzg_GMpuzAj3zUa92H-Uf4YetQZlHFkSX8kN3hoB0sD0iVB8TefnI1Swhdia93ZGMAxJr9UgWbIA6hDsL4OGwxwn0Gg6sTu7yP5kWDpTSqB-W4so14LiOYoAKC-kyp6i1HwnEpkjNBqhKwbPtB4g%3D%3D%7C&hint=&td=&cc=FR&wsip=2886780971&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329809631&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D1.98&ktd[]=563774604050688&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=326729916&kbc2[]=ps%3D0.856%7C%7Crpc%3D2.09%7C%7Clvl%3D1.00&ktd[]=1407649778368768&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=330029440&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.59%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.23%7C%7Clvl%3D2.16&ktd[]=563224848236800&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329900794&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D2.64&ktd[]=563224848236800&rand=1606691519387&cid=8CU5BD6EW&vwid=1606691518775536445&vi=1606691518775536445&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=IDF&vgd_l1rakh=1606691518139817050&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1606691518741&upk=1606691518.3430&hvsid=00001606691518730013824209921959&verid=3121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=5&matm=1606691519389&vgd_ltime=651&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=IDF&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807056976&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D5&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781032&vgd_nrrsf=nrr&vgd_nrrv=97497&vgd_nrrs=97497&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=327&vgd_y_pos=11880&vgd_ren_page_h=14281&vgd_cty=PARIS&vgd_l1hcsd=A21%7C7866&vgd_sethcsd=N7%7C8005&vgd_cfud=200131&vgd_is_amp=0&vgd_optout=0&vgd_ect=4g&vgd_rensize=600_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DFR%26isOffice%3D0%26fvips%3D0%26vi%3D1606691518775536445%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f82684%252fmalware%252flockergoga-ransomware-spreads.html%26%26katid%3D807056976%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A600%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:11:59 GMT

POST
H2 200 log
navvy.media.net/ Frame FF38 807 B
998 B 356ms
307ms Other
image/gif 54.183.20.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.20.34 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-20-34.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/ Frame 5B1A 231 KB
87 KB 58ms
43ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad7386d16a056df5c235702a97a5fa4cee68e302d71041aa35df96151f756f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 88601
x-xss-protection: 0
server: cafe
etag: 4353532171737760018
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/ Frame 017A 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201112/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 29 Nov 2020 00:54:52 GMT
expires: Sun, 13 Dec 2020 00:54:52 GMT
content-type: text/html; charset=UTF-8
etag: 5228831996244654541
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4745
x-xss-protection: 0
age: 80227
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 nrrV97497.js Show response
contextual.media.net/4a/ Frame 2850 92 KB
30 KB 54ms
53ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV97497.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6b9b6ac54c0e2971948a958e12b6cad2"
vary: Accept-Encoding
x-mnet-h: 12-27
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sun, 29 Nov 2020 23:11:59 GMT
content-length: 30495
expires: Sun, 13 Dec 2020 23:11:59 GMT

GET
DATA 200
OK truncated
/ Frame 2850 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2850 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet3.woff
contextual.media.net/__media__/fonts/bullet3/ Frame 2850 2 KB
2 KB 31ms
30ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet3/bullet3.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1688
expires: Mon, 30 Nov 2020 23:11:59 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame B666 36 B
615 B 277ms
98ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v732
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:11:59 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Tue, 01 Dec 2020 23:11:59 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 5B1A 208 B
646 B 98ms
35ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

487a6cbcf25f502c5a8f99706da656b9f926a3fb5a16197e0d709706dcc781fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 5B1A 109 B
803 B 43ms
22ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5B1A 109 B
803 B 42ms
22ms Script
application/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame B6E5 0
0 248ms
247ms Document
text/html 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492129&pi=t.ma~as.1139220782&w=320&lmt=1606691519&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1606691519408&bpp=17&bdt=54&idt=87&shv=r20201112&cbv=r20190131&ptt=5&saldr=sa&correlator=4386018426021&frm=21&ife=1&pv=2&ga_vid=1438483116.1606691518&ga_sid=1606691520&ga_hid=1661755735&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=1011&biw=1600&bih=1200&isw=320&ish=50&ifk=2179207362&scr_x=0&scr_y=0&eid=21067982%2C21068084&oid=3&pvsid=293517201018259&pem=438&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.68ru4wyypnra&fsb=1&xpc=QWyNmh8omX&p=https%3A//securityaffairs.co&dtd=102

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492129&pi=t.ma~as.1139220782&w=320&lmt=1606691519&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1606691519408&bpp=17&bdt=54&idt=87&shv=r20201112&cbv=r20190131&ptt=5&saldr=sa&correlator=4386018426021&frm=21&ife=1&pv=2&ga_vid=1438483116.1606691518&ga_sid=1606691520&ga_hid=1661755735&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=1011&biw=1600&bih=1200&isw=320&ish=50&ifk=2179207362&scr_x=0&scr_y=0&eid=21067982%2C21068084&oid=3&pvsid=293517201018259&pem=438&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.68ru4wyypnra&fsb=1&xpc=QWyNmh8omX&p=https%3A//securityaffairs.co&dtd=102
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 29 Nov 2020 23:11:59 GMT
server: cafe
content-length: 22208
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Nov-2020 23:26:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sun, 29 Nov 2020 23:11:59 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B1A 73 KB
28 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d56ee6a2ba915ad87e2dc9b49d9199563f3b35f9e048938e84d1a033e5c2b1c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1605702985553312"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28207
x-xss-protection: 0
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 2850 15 B
397 B 26ms
25ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001606691518751013824209928959&geo=48.87|2.33&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYNSPEXR-MeV5jeh0rh9ECKij3x2UK7Xb4eBd7hLJDUUeylVD6mgOf-CUmaQZOsNgvzK5vU9fsmGF&lpid=&tsid=1&q=&prv=&type=&ps=&cme=7dPTaC80jmP4ccGqaD2C1XwpA6RepvmsELWsVnu09l0bK4Yc-LpRvszTvlyfpl3A9gKlCcS0NZPuTzk2hAAAT5Wzrk-SekXHmk_b4L9rqDER5UOmmAx51163ATMKF64DD7LpLpifsqMc2Hd_u6JEKwZUuRMkMHlvOj-kx1jJjnrnee3GoQ7VscaGJ6et-Habg-kULhG3c9REvp8S6W6DTbUZCOU2HJ06%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ%3D%7CN7fu2vKt8_s%3D%7CZ2B6VmPo4cH-0QgmD6fFahVQmmctAH9c3DnG3TlOqSWGwFsItLcc3QfxP5plvcH3k2W1dyzWl3nRRdCIAH4qTT16OkNMoEGIeMVkp7AeXskRg5BtgrsBzaNTIekvEFd07g6itCc56buUBQaJ3JbYNunaOTAds-YKjvVm-iYrZBQqw3TZ5buF1V4WuVLWwQcVXMKG7MtvUkY8LOuBMPbLRg%3D%3D%7C&hint=&td=&cc=FR&wsip=2886781044&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329809631&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D1.98&ktd[]=563774604050688&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=326729916&kbc2[]=ps%3D0.856%7C%7Crpc%3D2.09%7C%7Clvl%3D1.00&ktd[]=1407649778368768&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=330029440&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.59%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.23%7C%7Clvl%3D2.16&ktd[]=563224848236800&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329900794&kbc2[]=ps%3D0.856%7C%7Crpc%3D0.43%7C%7Clvl%3D2.64&ktd[]=563224848236800&rand=1606691519531&cid=8CU5BD6EW&vwid=1606691518196914996&vi=1606691518196914996&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=IDF&vgd_l1rakh=1606691518139817050&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1606691518751&upk=1606691518.3430&hvsid=00001606691518751013824209928959&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=1&matm=1606691519534&vgd_ltime=786&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=IDF&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=801353038&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D1&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781036&vgd_nrrsf=nrr&vgd_nrrv=97497&vgd_nrrs=97497&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=413&vgd_ren_page_h=14281&vgd_cty=PARIS&vgd_l1hcsd=A21%7C7866&vgd_sethcsd=N7%7C8005&vgd_cfud=200313&vgd_is_amp=0&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DFR%26isOffice%3D0%26fvips%3D0%26vi%3D1606691518196914996%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f82684%252fmalware%252flockergoga-ransomware-spreads.html%26%26katid%3D801353038%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:11:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:11:59 GMT

POST
H2 200 log
navvy.media.net/ Frame 2850 807 B
997 B 231ms
230ms Other
image/gif 54.183.20.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV97497.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.20.34 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-20-34.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:11:59 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5B1A 8 KB
7 KB 40ms
25ms XHR
application/json 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201112&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afd0e4804ea81ad75436f0341b53a14a4e6df9ad501d4ccaf4a3a6dd5e882c80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6447
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5B1A 16 KB
6 KB 66ms
52ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame CB22 90 KB
32 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b54ef0645d382df73c0d53c8cc9217c1145c102bf51ec70ab321782343d1852

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 32285
x-xss-protection: 0
server: cafe
etag: 16266954004979377396
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame DC14 3 KB
3 KB 87ms
87ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v500
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 29 Nov 2020 23:11:59 GMT
Last-Modified: Mon, 06 Jul 2020 13:30:16 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f032768-a4e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2638
Expires: Tue, 01 Dec 2020 23:11:59 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/ Frame CB22 231 KB
87 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad7386d16a056df5c235702a97a5fa4cee68e302d71041aa35df96151f756f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:11:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 88601
x-xss-protection: 0
server: cafe
etag: 4353532171737760018
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 29 Nov 2020 23:11:59 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 3E31 0
0 6ms
6ms Document
text/html 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Sun, 29 Nov 2020 22:44:02 GMT
expires: Mon, 29 Nov 2021 22:44:02 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1677
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame CB22 12 B
458 B 85ms
50ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&cookie=ID%3D736a3efbf6370290-222d6aab7ca600ef%3AT%3D1606691519%3ART%3D1606691519%3AS%3DALNI_MY3Y2U4lvWBO9DeHw1LO3kEVIF2AQ

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:12:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame CB22 109 B
781 B 42ms
28ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 29 Nov 2020 23:12:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame CB22 109 B
781 B 43ms
29ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 29 Nov 2020 23:12:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 1898 0
0 202ms
202ms Document
text/html 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492134&pi=t.ma~as.1680648786&w=300&lmt=1606691520&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1606691519965&bpp=4&bdt=30&idt=46&shv=r20201112&cbv=r20190131&ptt=5&saldr=sa&cookie=ID%3D736a3efbf6370290-222d6aab7ca600ef%3AT%3D1606691519%3ART%3D1606691519%3AS%3DALNI_MY3Y2U4lvWBO9DeHw1LO3kEVIF2AQ&correlator=4386018426021&frm=21&ife=1&pv=1&ga_vid=1438483116.1606691518&ga_sid=1606691520&ga_hid=1000038585&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=12765&biw=1600&bih=1200&isw=300&ish=250&ifk=2656847982&scr_x=0&scr_y=0&eid=21066922%2C21068084&oid=3&pvsid=413414705423463&pem=438&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.spoo7lqp8m7v&btvi=1&fsb=1&xpc=S2hX4wYy3y&p=https%3A//securityaffairs.co&dtd=53

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492134&pi=t.ma~as.1680648786&w=300&lmt=1606691520&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1606691519965&bpp=4&bdt=30&idt=46&shv=r20201112&cbv=r20190131&ptt=5&saldr=sa&cookie=ID%3D736a3efbf6370290-222d6aab7ca600ef%3AT%3D1606691519%3ART%3D1606691519%3AS%3DALNI_MY3Y2U4lvWBO9DeHw1LO3kEVIF2AQ&correlator=4386018426021&frm=21&ife=1&pv=1&ga_vid=1438483116.1606691518&ga_sid=1606691520&ga_hid=1000038585&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=12765&biw=1600&bih=1200&isw=300&ish=250&ifk=2656847982&scr_x=0&scr_y=0&eid=21066922%2C21068084&oid=3&pvsid=413414705423463&pem=438&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.spoo7lqp8m7v&btvi=1&fsb=1&xpc=S2hX4wYy3y&p=https%3A//securityaffairs.co&dtd=53
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 29 Nov 2020 23:12:00 GMT
server: cafe
content-length: 5044
x-xss-protection: 0
set-cookie: IDE=AHWqTUlx6uelfAbeCL7wf3j1xbgA_On0NG7VlkbDpKjiNf-HeKUJLM915kOdsj5r; expires=Fri, 24-Dec-2021 23:12:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sun, 29 Nov 2020 23:12:00 GMT
cache-control: private

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB22 73 KB
28 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d56ee6a2ba915ad87e2dc9b49d9199563f3b35f9e048938e84d1a033e5c2b1c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:12:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1605702985553312"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28207
x-xss-protection: 0
expires: Sun, 29 Nov 2020 23:12:00 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame DC14 36 B
615 B 99ms
99ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Tue, 01 Dec 2020 23:12:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B1A 0
88 B 15ms
15ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201112&jk=293517201018259&bg=!paalpobNAAVGySeIRlgohGfR7sRwNgIAAABDUgAAAAxoAQcKAVBbxX7VtEmu5bkrBQDrh8ZgEQwZjRtjIE7kje1Y35NFKShJt6glh-t_Zuk_G72gkkcKTZMGgx5-gCNet-WiclypUo5V6gHlvUVlSMXqf9Rb2yuGC00yiVEgRJECGsJrJzvHfRFFZrtmCsqsIr8ybJZSWhWHKphzw09TVOmzH29GTMvIeyqiyqcoKNsR_KoQmcIPAE-mBUIQJLlB7wGGx4Xm2eag5yuj5xvlQOAtQtuMU0Lw3VN-z3GNpQzI5gfURm7pZXufIvSNeoiMnaydiD1x43SBVxOVuch0eamu0-Fh2ncTDftsc9M6z8u1195JtCCD3fpvpVYwTQ9mqjiZgWt4ESyXYpwa23BzAZBmwcK6JZxC9V6bxzjvvlRtu8wV0ynAXDMH5f4Q_f7xaDuiRJcjD5OtwGuVSeAHnmJOe_nw79CHYL-Ed7yV6pkDJOiDwO-ZAg8vnVz65hISHgZweHej9t1ff8IRfoebwLlBsQWzUzTuVJ9vZCHMzh_PaIa9E4ToIkMyXOJwMK4yqHzmNjyMze7BJOcLtmh_bDm_7lXXxAi025qv9QXoCf7l3zAxdNti3YtE5hMWrQewHrpjNZE2o-ufwP9UEjqL8aLqS4hQ4bnrsQmGOOlYQQtOH4z2-5SkZkdmTid0QqbTXX0WcEUpcUH0uv8yUEMeFOnBMNDdeJ_bbykCfLAxFJn_tuJw_aq4SeEtYqar9Ec9aMnq-H1uzfg6RAKyaI4jHcw2fFaO7vBH1UnQNJDx6nWIdL-gNd4XZNBaATrpJ2SUwnzT3YgmE4l9zzSpxhxdU3LusXtTG9DcdIywHj3oUK1CwTXsGVHd_pnkdeh9s5urQZsum6d_MHwx0RWVomjBsvmwcKKqMs16DAY8RrAEmlrm7Hny6GNDEOmvKrhhDyMOfCZ1cHyOgqlDmCfgsfAyC4t1qxIxspFHkO1MG-oqLMzqdSEgC432aPJoT236hX1x1U3uukPnqsVzK9CoWwE1UfdjX0fPKoXNaGcslW11HVbrwAsHbsGUpot3RBhDp4hAHxG_uzXoB823PBpsIFVHhd98_Wz4fbsaxqcoDxts0Iw8xe7aKqOaHiL1TSP1N9-AETXpVRRhIXniMy4JtKZt8mOpaKqgVmetZfkI7z-qRedYlxCNyQmFFg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 26ms
26ms Image
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&katid=804340239&kals=ttype%3D10017%7C%7Cpc%3D92&katen=1&pc=92&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=-d4X23YyCQb9CxJmoouKEHG3ra_YYE4uDCHArNss3kMsSKN7gpheYeKfX9696TK4NqdfvO36zXSbKbWuIsfSxoW1hDq62uF_EDYPUSndYMMcKZ6fbqlrANtvZqGCXobl3hPqQv8iC-tYV3NTo0L5jcINRwJdH_f8bbz3HcS9h881XRtLlcAXs2WtREXaMvd-lBDMoPUfCnbs6RJ-4HmJFs9T0aaKgkx9||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ=|N7fu2vKt8_s=|GMZqOVHbTPOrwE38M_NELLJNtM3TieQKz9rCwkg8QBu6XG9onTDwmOIfg4p7k7fdwHPmMKGVfL4oWoxkeQoYKHyYvM5ek6ZK05BtX7vtJy4MsivxPnouIcahKeFjQOFKp3dTRrGLkj1h2yPDvdSJITbKKuEEoUIsRSvnqviJlgfPMpu9s1m9PzixpBiXHzGf52kUMnOYd-_puimMbwkCkA==|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=829833831&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vi=1606691518931711683&ugd=4&cc=FR&sc=IDF&startTime=1606691518708&l2type=setting&vgd_l1rakh=1606691518139817050&l1ch=1&sttm=1606691518712&upk=1606691518.3430&hvsid=00001606691518712013824209926600&verid=3121199&vgd_sc=IDF&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A21|7866&vgd_uspa=0&vgd_isiolc=1&npgv=1&l3c=%7B%7D&l3d=%7B%22cntrdt%22%3A%22AS%7CDIV-829833831%7CDIV%22%7D&l3l=%7B%7D&l2ch=0&l2wsip=2887305297

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:12:00 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:12:00 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 26ms
25ms Image
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&katid=807619797&kals=ttype%3D10002%7C%7Cpc%3D9&katen=1&pc=9&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=7dPTaC80jmPAlug99J5W3U6QKWjUEviDWcyTZJxpK4Lt6s3qliBpSoCvdIZkXMAyNqaRq1OnvVW4DdSaA4PUXhuvnGMZK8_AmU9UFrbvYaRVcNz8HLrIIZ01xDW_MzvysD6_9PbcIEFpCtuFT1ZcGMLy9o3VTPCdYd97GKOGcRo7f8TicKLI_clRuvtfnVq2qgLwFbJWS3ZRAYSPPsHPqw==||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ=|N7fu2vKt8_s=|eyOPkfgOPIgup0g_wcbUZ8-ofmAfEcfUxPit1EL6Zx02QUZwAVWk-BroDakYw5r7dn47qD4vKY-N3auoJwx_lhtXxa6-eylAOQtFQIWRdROrkQumb-5LUbcqClf5kipdVUKRHgs8EczBoyD5MYAFjdONczlCCkZ26l_pyserovEultloCsbkGRFAlyKbuw0Ih_03LlzT9-i8vr4bgY3s-Q==|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vi=1606691518466571420&ugd=4&cc=FR&sc=IDF&startTime=1606691518757&l2type=setting&vgd_l1rakh=1606691518139817050&l1ch=1&sttm=1606691518758&upk=1606691518.3430&hvsid=00001606691518758013824209921354&verid=3121199&vgd_sc=IDF&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A21|7866&vgd_uspa=0&vgd_isiolc=1&npgv=1&l3c=%7B%7D&l3d=%7B%22cntrdt%22%3A%22AS%7CDIV-647633027%7CDIV%22%7D&l3l=%7B%7D&l2ch=0&l2wsip=2887305228

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:12:00 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:12:00 GMT

GET
H2 200 visitormatch
bh.contextweb.com/ Frame 510E 0
0 304ms
98ms Document
text/html 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vf=1; V=RHlzliSqx2dQ; wf=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-67968c599b-t8zmx
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
content-type: text/html;charset=iso-8859-1
set-cookie: V=;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Sun, 29-Nov-2020 23:12:00 GMT;Max-Age=0;SameSite=None INGRESSCOOKIE=2ef87ade48f451d6; path=/; HttpOnly; Secure; SameSite=None
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 2D85 0
0 39ms
30ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.198.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b9caa8ae-aa4d-4986-9106-cf4563236eb9|1606691519
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=b9caa8ae-aa4d-4986-9106-cf4563236eb9|1606691519; Version=1; Expires=Mon, 29-Nov-2021 23:12:00 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1606691520|gekin0vNiygu; Version=1; Expires=Mon, 14-Dec-2020 23:12:00 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.198.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sun, 29 Nov 2020 23:12:00 GMT
content-type: text/html
content-length: 422
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 0B7A 0
0 101ms
40ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=53043
Expires: Mon, 30 Nov 2020 13:56:03 GMT
Date: Sun, 29 Nov 2020 23:12:00 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 3C8B 0
0 77ms
25ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI3sJXEAoYASABKAEwv9WQ_gU4AUABSAEQv9WQ_gUYAA..; uuid2=6143843170490652838
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Mon, 30 Nov 2020 23:12:02 GMT
Date: Sun, 29 Nov 2020 23:12:00 GMT
Connection: keep-alive

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame B666
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82

49 B
532 B

128ms
62ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:00 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H2

200

sync
odr.mookie1.com/t/v2/ Frame B666
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c8a71e5c-9900-457f-8134-5254690f5549&ssp=sonobi&gdpr=&gdpr_consent=

43 B
324 B

60ms
28ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c8a71e5c-9900-457f-8134-5254690f5549&ssp=sonobi&gdpr=&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:00 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: //odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c8a71e5c-9900-457f-8134-5254690f5549&ssp=sonobi&gdpr=&gdpr_consent=
date: Sun, 29 Nov 2020 23:12:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame B666
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=f1005fc4-2ac0-4f00-94c0-118badb95ea6

49 B
532 B

126ms
63ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=f1005fc4-2ac0-4f00-94c0-118badb95ea6

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sun, 29 Nov 2020 23:12:01 GMT
Server: MT3 3322 7ec6219 master zrh-pixel-x14
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=f1005fc4-2ac0-4f00-94c0-118badb95ea6
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 29 Nov 2020 23:12:00 GMT

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame B666
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c9ff829a-4599-495f-a541-da0346091c96&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=U1BWNkdwU21qeWhLUm1EMDlwQ1J1dw&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1

49 B
333 B

102ms
99ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-67968c599b-nlltv
expires: -1

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame B666
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

49 B
532 B

112ms
28ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: Tengine
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame B666
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974

49 B
536 B

112ms
27ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame B666
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YzlmZjgyOWEtNDU5OS00OTVmLWE1NDEtZGEwMzQ2MDkxYzk2
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1

49 B
536 B

112ms
27ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 25ms
25ms Image
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&katid=801353038&kals=ttype%3D10002%7C%7Cpc%3D1&katen=1&pc=1&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=7dPTaC80jmP4ccGqaD2C1XwpA6RepvmsELWsVnu09l0bK4Yc-LpRvszTvlyfpl3A9gKlCcS0NZPuTzk2hAAAT5Wzrk-SekXHmk_b4L9rqDER5UOmmAx51163ATMKF64DD7LpLpifsqMc2Hd_u6JEKwZUuRMkMHlvOj-kx1jJjnrnee3GoQ7VscaGJ6et-Habg-kULhG3c9REvp8S6W6DTbUZCOU2HJ06||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|2aGVb_Lbbz9O5033h3F_TCEUJST0S3CikV7AtR5ucmHYTZzv_YLyRz0-LpaHRxJmn9gBOic4v6hOPAk496fd573XKzY-rZUqlvp1iEFgxlQ=|N7fu2vKt8_s=|Z2B6VmPo4cH-0QgmD6fFahVQmmctAH9c3DnG3TlOqSWGwFsItLcc3QfxP5plvcH3k2W1dyzWl3nRRdCIAH4qTT16OkNMoEGIeMVkp7AeXskRg5BtgrsBzaNTIekvEFd07g6itCc56buUBQaJ3JbYNunaOTAds-YKjvVm-iYrZBQqw3TZ5buF1V4WuVLWwQcVXMKG7MtvUkY8LOuBMPbLRg==|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82684%2Fmalware%2Flockergoga-ransomware-spreads.html&vi=1606691518196914996&ugd=4&cc=FR&sc=IDF&startTime=1606691518749&l2type=setting&vgd_l1rakh=1606691518139817050&l1ch=1&sttm=1606691518751&upk=1606691518.3430&hvsid=00001606691518751013824209928959&verid=3121199&vgd_sc=IDF&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A21|7866&vgd_uspa=0&vgd_isiolc=1&npgv=1&l3c=%7B%7D&l3d=%7B%22cntrdt%22%3A%22AS%7CDIV-184323154%7CDIV%22%7D&l3l=%7B%7D&l2ch=0&l2wsip=2886781036

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Sun, 29 Nov 2020 23:12:00 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Sun, 29 Nov 2020 23:12:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame DC14
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

49 B
446 B

62ms
61ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: Tengine
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame DC14
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82

49 B
446 B

27ms
27ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=a5ee7d6e-93cb-4ef9-997c-800d2391cf04&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame DC14
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=sonobi&bsw_custom_parameter=c8a71e5c-9900-457f-8134-5254690f5549
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=sonobi&bsw_custom_parameter=c8a71e5c-9900-457f-8134-5254690f5549
https://x.bidswitch.net/sync?dsp_id=4&user_id=40018769-2461-49b8-a534-2f15858c6638&ssp=sonobi&expires=30&user_group=5&bsw_param=c8a71e5c-9900-457f-8134-5254690f5549
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c8a71e5c-9900-457f-8134-5254690f5549

49 B
446 B

27ms
27ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c8a71e5c-9900-457f-8134-5254690f5549

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c8a71e5c-9900-457f-8134-5254690f5549
date: Sun, 29 Nov 2020 23:12:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame DC14
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=52735fc4-2ac0-4200-af02-b0613be6daaa

49 B
532 B

36ms
33ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=52735fc4-2ac0-4200-af02-b0613be6daaa

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sun, 29 Nov 2020 23:12:01 GMT
Server: MT3 3322 7ec6219 master zrh-pixel-x20
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=52735fc4-2ac0-4200-af02-b0613be6daaa
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 29 Nov 2020 23:12:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame DC14
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974

49 B
446 B

57ms
56ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1871878964716077974
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 06DC 0
0 30ms
30ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=158127:2; KADUSERCOOKIE=B4058265-88BA-4E63-853B-F1FFD160EB91; chkChromeAb67Sec=1; DPSync3=1607817600%3A201_226_221_219; SyncRTB3=1607212800%3A15_67_2%7C1609200000%3A203%7C1607817600%3A7_71_22_13_161_3_5_21_54_55_204_8_220_165_189_222_99_176_78_88_56_223_166_81%7C1607472000%3A63%7C1607904000%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=53043
Expires: Mon, 30 Nov 2020 13:56:03 GMT
Date: Sun, 29 Nov 2020 23:12:00 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 visitormatch
bh.contextweb.com/ Frame 5F64 0
0 95ms
94ms Document
text/html 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vf=1; wf=0; INGRESSCOOKIE=945759c279424c84
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-67968c599b-jgf6b
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
content-type: text/html;charset=iso-8859-1
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame E0C4 0
0 28ms
28ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.198.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=b9caa8ae-aa4d-4986-9106-cf4563236eb9|1606691519; pd=v2|1606691520|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=b9caa8ae-aa4d-4986-9106-cf4563236eb9|1606691519; Version=1; Expires=Mon, 29-Nov-2021 23:12:00 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1606691520|mWkigqiysLommOgevNgunsn0; Version=1; Expires=Mon, 14-Dec-2020 23:12:00 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.198.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sun, 29 Nov 2020 23:12:00 GMT
content-type: text/html
content-length: 317
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 6B19 0
0 28ms
27ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI3sJXEAoYASABKAEwv9WQ_gU4AUABSAEQv9WQ_gUYAA..; uuid2=6143843170490652838
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Mon, 30 Nov 2020 23:12:02 GMT
Date: Sun, 29 Nov 2020 23:12:00 GMT
Connection: keep-alive

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame DC14
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=03a4f8c4-287e-4024-957b-5e505d1e6c69&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=bThScDMzYXBNbGF2YmpheEQ4dWN0UQ&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1

49 B
333 B

98ms
98ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-67968c599b-jgf6b
expires: -1

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGxdEef2RAPnTsQU7RbnCac&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame DC14
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MDNhNGY4YzQtMjg3ZS00MDI0LTk1N2ItNWU1MDVkMWU2YzY5
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1

49 B
446 B

61ms
61ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 29 Nov 2020 23:12:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEpyGjs94th3_9il6Sao1V0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CB22 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201112&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51110e72739129c4f349b81492c59f077baac36420bf1feeab5e3e33cf4e407b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 29 Nov 2020 23:12:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6429
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CB22 16 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 29 Nov 2020 23:12:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Sun, 29 Nov 2020 23:12:08 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 8197 0
0 6ms
6ms Document
text/html 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Sun, 29 Nov 2020 22:44:02 GMT
expires: Mon, 29 Nov 2021 22:44:02 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1686
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB22 0
88 B 15ms
14ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201112&jk=413414705423463&bg=!8vGl8dHNAAUoamvQKFhTH8ffAOllsAIAAACZUgAAABxoAQcKAZ6jx1XEVORDa6C5SROf_LSMmQmbQOZxNhWYrZf0sMjqTyFRIC3gOdR1XPvAC4PzNVszWqFHxypoVcdrPi0tG4z1NS53gnfD1eSl19Y4PvZY4A73XyWUYpa6CcXr7V8ZXlfqYUPTyGta-N9NQNg2PgznvN4DYq-0sVv3xRbNwY07h3baU3jwoY4BDYXunpbCg8LlM8JGnONU1NlkwNfe52PtaAuiyKk-qphQTAaBYKPJJ63inS4v0KqdXFI5SL44Ap8OfirFwsxKrIOGOiPfsYBTEHgB39bc065SbdexgCa99EXlOpyDZvYFWaBs7a6aHt-33_Rupq_NGXbgPeIu5siUfJUsUsp9Hdw1OV9b5AvXHeQVqmEIzpi-pyukOh-hSEKz7QMsqtDRZV5PKQoQssmw6ykyrfiHUM7EVCuTeziMY0WJCnoYlSKys0ELaK7TdxzlMkCRVpWAHk4Bs4l975wS6AqkZ7JoSGeiGsUnJsXpCEJPZ7HQwdOMcsIdiBSWAZJF8hmg2uOPBBQVZbMRZeX-Gn5VYdCZOXbIe2jVnPGZAg-qNR-0sO9w5n4vSqgvmrYuvNVzs1gEmBgzGn3fmxYkh_bqm6ybEb9X34df4Etb02qaJVv3lXwUSeXmElO1AMmRySNwosvQllY13L36ZiIo7KyCmdp4QNtqnpbvKJfXW4q7GiVnxfH4Kyjrizn5AaVeQt1nkNdfu6WuPHFC9ctDLJSAS5ldj12vk_iwsP_BDFJrHywYawKESMF-ENY84zMrzoKOJN2fRu7v4tL5DltVC6GUjxDgrPCaF5UStitdTRPOnijxdXSV70zKMN5tYms5o9OA8NpqqH9mZ9LL3QISc_QYpKMS_EJbznq4zct0KBemKLV6xaQbYZoz_4U3HIOKMBw9ihEO0rQJ255_GXapFzQNI4aco3HMQW2cYNYKPvL8GVIXzXKCGcIvZfyLJTTlKloDGhFxSwowhNEvpE7CsVEaFk3vVEgQt681hX1Oh63fTskgteiSotUoi_eESXDUs-1mvip76Z0z6CmNVG0iK3kNfHttEkjpTK4Ppw0Imhnt9-5auyORPF38LzTLf9JdlLQxPb1fSegNiEnzUrEBxv0kShgxUhgknrMWgqlib6cVIQtmfB5DNkDH2PHKDDXeinQGCm7cCBA5y67-WO5LXeeIOi20snObhrNZzPldFJWurS3mssJdJy6kA3sPS_fSjy0bIgsSJr-2pHP8xAkcbAxc27GAIT3x9ziBW1IJTg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/82684/malware/lockergoga-ransomware-spreads.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Nov 2020 23:12:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=silab,lockergoga,is,most,active,ransomware,against,companiessecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true

Verdicts & Comments Add Verdict or Comment

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.media.net/	1970-01-19 18:44:35	Name: gdpr_status Value: 1
.securityaffairs.co/	1970-01-19 23:39:47	Name: __gads Value: ID=736a3efbf6370290-222d6aab7ca600ef:T=1606691519:RT=1606691519:S=ALNI_MY3Y2U4lvWBO9DeHw1LO3kEVIF2AQ
securityaffairs.co/	1970-01-19 14:18:13	Name: session_depth Value: securityaffairs.co%3D1%7C733976884%3D1%7C829833831%3D1%7C816788371%3D2%7C184323154%3D1%7C647633027%3D1
.securityaffairs.co/	1970-01-20 07:49:23	Name: _ga Value: GA1.2.1438483116.1606691518
.securityaffairs.co/	1970-01-19 14:19:37	Name: _gid Value: GA1.2.1370688059.1606691518
.doubleclick.net/	1970-01-19 14:18:12	Name: test_cookie Value: CheckForPermission
.securityaffairs.co/	1970-01-19 14:18:11	Name: _gat Value: 1
securityaffairs.co/	1970-01-19 14:18:15	Name: cookielawinfo-checkbox-non-necessary Value: yes
securityaffairs.co/	1970-01-19 14:18:15	Name: cookielawinfo-checkbox-necessary Value: yes

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
ads.creative-serving.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
apex.go.sonobi.com
bh.contextweb.com
bid.contextweb.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
cdn.pixfuture.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
eu-u.openx.net
fonts.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
ice.360yield.com
l.sharethis.com
lg3.media.net
match.adsrvr.org
maxcdn.bootstrapcdn.com
navvy.media.net
odr.mookie1.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
platform.twitter.com
prebid.mgid.com
s.w.org
securityaffairs.co
seguranca-informatica.pt
served-by.pixfuture.com
stats.wp.com
sync.1rx.io
sync.go.sonobi.com
sync.mathtag.com
tpc.googlesyndication.com
ws.sharethis.com
www.google-analytics.com
www.googletagservices.com
x.bidswitch.net
fonts.googleapis.com
served-by.pixfuture.com
104.19.133.78
172.217.18.162
178.162.133.149
178.162.133.150
18.195.43.194
18.195.7.149
185.29.132.21
185.64.189.112
192.0.76.3
192.0.77.2
192.0.77.48
193.0.160.129
198.148.27.134
198.148.27.139
2.18.232.130
2.18.233.180
2.18.235.93
2001:4de0:ac19::1:b:2a
2001:8d8:100f:f000::289
213.19.147.151
216.58.207.34
23.212.156.24
2600:9000:2190:6600:1c:8a07:5e80:93a1
2600:9000:2190:7200:c:a9b7:ddc0:93a1
2600:9000:2190:a00:c:abe:f440:93a1
2600:9000:2190:b800:3:c04e:c780:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:20::681a:a9c
2606:4700:3035::ac43:9180
2a00:1450:4001:809::2004
2a00:1450:4001:80b::200e
2a00:1450:4001:81f::2002
2a00:1450:4001:820::2001
2a00:1450:4001:821::2002
2a03:2880:f01c:8012:face:b00c:0:3
3.126.158.103
34.98.67.61
35.244.159.8
37.252.173.38
52.58.124.95
54.183.20.34
54.195.113.118
68.183.31.14
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
04b62bed8ce2a7828bd87ba7181696461ce7e061ab088e83c377e1cd8146032c
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
09011620a9ca23fd06076c9e55e6a5292522facf4e915cf317fe0e319f781fbb
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
093fa1b3be5a5ed806dc8873e932ce049231b1b9bab39fb85e63ab8229d57c0b
0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60
0af5ce4b63512fe6cfc3be87a6113749455acceaa97d7686f1f207ccbdec33e9
0b54ef0645d382df73c0d53c8cc9217c1145c102bf51ec70ab321782343d1852
0b5d4c577cdc94d8936258dab03fd9372f97fd3d078a28eea71bd33a22fa7652
0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0c8b60aa4f426dbbbec00d6391e3e3a1e00f081e5609b995cc810e2e92da278f
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
16c8890f684883553698412cbb368f9088b51324edbff396ade8963559ff0400
1752c287f6fbbb65e1c982399584bbc9b1e0c46f0dc181cda9b8028dc60c4c01
177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
19220534acd81fcc7c5128efb3662f50ec59441be7a642a13d81db09106a5ded
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1c14af60dc817b5f06b15e13179a7f1239a341111adcb7739b690b367d9371d1
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c
25a679f3ece4289a2c58e31a074a658c6d108aa8e42958d0544118458fc02d2b
2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2f4af55775a29871ee20a5c616244393aeca1b6a1dd14ccf8353d9aac03467a0
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
39404939e029b5e921dd01556de810f23f0f5e08e0a782dc4f8b2a82df69407f
3afe47d0fe0b16bc5bddecdc9bcaca94ed420b8fd0ddee2ae77364403c794bb8
3c5dab6325657bcf657ae331cd11e28c18ce099ec17dd1b7fd8a1e4e8dcb8bc0
41f2e9f54ae423b2ea6d7e6744d2236dcbd665c4053bb4f197575a6cdc71d521
44127c3cb1717506bacc6319ee8d12f60f3a5598f7855274531b44a71512efd4
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
487a6cbcf25f502c5a8f99706da656b9f926a3fb5a16197e0d709706dcc781fe
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
501ff931c11fd99a8183bc01d1e180b867df70aca3fb9091724a190a07e9e684
51110e72739129c4f349b81492c59f077baac36420bf1feeab5e3e33cf4e407b
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6
5d26e98e9600c9cea41a4f28dee915eedd266f450849d151a7f653d1738917de
6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
6d7d8b5166693d824356fd913840d94a4e76e9377f67035401b01c5ed1d23362
70933fb127de68e40299d5edb0408d5a00c8abcbaef4ba9326fa56633f84721d
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04
7c074f01f14855c72d2aedbc58a1287cdba4be27b2d166d22709083174c55854
7ff72094ca6ca5b181a3eb5fb9164183b8fdccefda93f16a129471aa49c22dee
80b8c415d0a2860143f7a4efeb7411e12dbd8574082ef69b63236fe735557182
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8b69f9c8ef496be5c628630ae1292422ff4bb0cd40ca74557fdebd233d50251e
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e23d657ac3736d84efd0dc3021d8e06a9deed39d1f31e1e8d4911e54d73ec7d
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fb2abf379afd3a461b3a57ea8247078fef8cf1e401594f519554e1be42dd3db
926c8c62ed3b736bcad2e677f98afa8558b5606bf58f4131018237c103a1c367
935ec815dc2e1918d4e3209612455b59350f957ced1668ab3db6697e299d4528
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9b5b9b8b1984a7b55656ca3d243deb436e049467353f6e61e73ac8bd0ab2a636
9c8312e1b632d2912671d6d10be3e45c1c28b9f9054352728e20c6e0639c6a9c
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a17c88a7e304fc6f09e3c55651d1affc065dd91ec0d28ea94ec17064c4c04c31
a1e6f7fbcaafd2b0204795146aaebad17070005c8682a26a526b6b4ef85627d3
ad7386d16a056df5c235702a97a5fa4cee68e302d71041aa35df96151f756f48
afd0e4804ea81ad75436f0341b53a14a4e6df9ad501d4ccaf4a3a6dd5e882c80
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b0e5012c3fe536656cd1dd89dde9aa3971ddcb991168a393ec369a6a301335d7
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b19fbd45a248505d06f1021b814ef9599af2939129d560db0e28a3fc88ba5d05
b292fc4795c1352d954dff9e70fedfc66e04bf339e24f3598539470e8e2efc93
b834a80037718e3da7f92199034dc59611ed774af41f1e84fa1e0d97c4261192
b8e8fe9b8ca280dc3c982691064e62ba97c8f2c192a17dfe74430c7cf73cb4de
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bf464d1aa7e745b6dc00b554196af82d3ff82236bb18f5f929e26f1d4f98dd01
c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc
c9ce09128abe5630215b4f6366451be4a80df67279ab8b526b10eebb3dc93757
cdd71bb838d270d99e161f0323cc51f5f0321cb1a1c03da45a70611ac11ad5ad
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6
d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa
d56ee6a2ba915ad87e2dc9b49d9199563f3b35f9e048938e84d1a033e5c2b1c5
d76e99964f6f9f12ed627949add675f21b18794521ca6b6145110ed682c3581a
d78c9700d52ab2eb00acf1a2de972bc50248057de7e59f5dc315b736eb24cfb3
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
d9bc4e70acb2b43913916562f088e10d8f8058c9ffcaa8c92599c6dbd907fa4f
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40c7cd7b4aa0fa006574bca5fbebdf5eb3e524edf46fd8c4a8cb52d6ccdbccc
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820
e7a1a565924089fbec521d6308a2471aa49255559cc67e702674d019fad3c510
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
e911fa785eab7795cd8b3d09347ef0e8c72af831dc123c77b67865465115152f
ee657fa9cbe48aeeda44b31ed4ae2ca1d021a82e301e36a456eafb7c8dda7fb7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f0d3d5e8244dc1528570498005e8b963908ad2efe06639f7fb3bfaeec5a10daa
f0e7248e64314f6983225b9dd12f60801e78ab4ef29001698eb334650d93dfbe
f296a558ded0555f15f1d427037c2610924810bddae7e104570a2bc6b88cde21
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e
f777461f309eec7451d363c6cb32f4d76dc5e5282a205502ed466f5b281be407
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8b56f5b126fd70a53e7d280ce31a5048a39ef1c2784b280ed7bd53c26165e9a
fb9e0e525b6f1c34a61dc457300e88c9c22f5f4082e9a02e39ab9275b05b7497
fd985886d37f7cffd7bbe599a032f3463cca1f09983a0e56a108cad0b0b63c45

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

219 Requests

98 %HTTPS

36 %IPv6

34 Domains

52 Subdomains

38 IPs

6 Countries

3885 kBTransfer

5758 kBSize

9 Cookies

18 Outgoing links

Redirected requests

219 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

219
Requests

98 %
HTTPS

36 %
IPv6

34
Domains

52
Subdomains

38
IPs

6
Countries

3885 kB
Transfer

5758 kB
Size

9
Cookies

219 HTTP transactions
13 data transactions