URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Submission: On September 30 via api from CH

Summary

This website contacted 42 IPs in 7 countries across 36 domains to perform 111 HTTP transactions. The main IP is 23.20.175.25, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.armor.com.
TLS certificate: Issued by GlobalSign Extended Validation CA - S... on July 26th 2019. Valid for: a year.
This is the only time www.armor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 27 23.20.175.25 14618 (AMAZON-AES)
1 23.111.9.35 33438 (HIGHWINDS2)
4 52.31.85.24 16509 (AMAZON-02)
12 2600:9000:214... 16509 (AMAZON-02)
3 13.32.158.139 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 151.101.12.157 54113 (FASTLY)
1 104.244.42.133 13414 (TWITTER)
1 184.31.84.223 20940 (AKAMAI-ASN1)
1 23.111.9.64 33438 (HIGHWINDS2)
1 192.229.221.91 15133 (EDGECAST)
2 178.249.101.23 11054 (LIVEPERSON)
1 192.28.147.68 53580 (MARKETO)
2 52.204.14.45 14618 (AMAZON-AES)
1 2a03:6400:10:... 11054 (LIVEPERSON)
4 208.89.12.87 11054 (LIVEPERSON)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:6400:10:... 11054 (LIVEPERSON)
1 2606:2800:234... 15133 (EDGECAST)
2 147.75.32.75 54825 (PACKET)
1 104.244.42.131 13414 (TWITTER)
3 93.184.220.178 15133 (EDGECAST)
2 2606:2800:234... 15133 (EDGECAST)
6 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f02... 32934 (FACEBOOK)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
2 143.204.214.21 16509 (AMAZON-02)
2 54.86.245.217 14618 (AMAZON-AES)
1 13.32.158.252 16509 (AMAZON-02)
3 3 2a00:1450:400... 15169 (GOOGLE)
3 3 2001:4860:480... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 34.194.209.108 14618 (AMAZON-AES)
1 13.32.158.236 16509 (AMAZON-02)
2 2 52.211.150.253 16509 (AMAZON-02)
1 2 143.204.214.70 16509 (AMAZON-02)
1 147.75.84.99 54825 (PACKET)
1 172.217.22.98 15169 (GOOGLE)
1 1 104.244.42.72 13414 (TWITTER)
1 147.75.83.125 54825 (PACKET)
1 2600:9000:214... 16509 (AMAZON-02)
2 2a03:2880:f12... 32934 (FACEBOOK)
1 2 2620:119:50e1... 14413 (LINKEDIN)
1 1 2620:119:50e4... 14413 (LINKEDIN)
111 42
Apex Domain
Subdomains
Transfer
38 armor.com
www.armor.com
cdn.armor.com
720 KB
6 google-analytics.com
www.google-analytics.com
43 KB
6 liveperson.net
lptag.liveperson.net
va.v.liveperson.net
93 KB
6 salesloft.com
scout-cdn.salesloft.com
scout.salesloft.com
scout.us1.salesloft.com
5 KB
4 google.de
www.google.de
520 B
4 twitter.com
analytics.twitter.com
platform.twitter.com
syndication.twitter.com
543 B
4 hotjar.com
static.hotjar.com
script.hotjar.com
vars.hotjar.com
78 KB
4 trustarc.com
consent.trustarc.com
26 KB
3 linkedin.com
px.ads.linkedin.com
www.linkedin.com
1 KB
3 company-target.com
api.company-target.com
segments.company-target.com
2 KB
3 google.com
www.google.com
570 B
3 doubleclick.net
stats.g.doubleclick.net
480 B
3 facebook.net
connect.facebook.net
120 KB
3 bizible.com
cdn.bizible.com
1 KB
3 terminus.services
vidassets.terminus.services
3 KB
2 facebook.com
www.facebook.com
249 B
2 bidr.io
match.prod.bidr.io
752 B
2 engagio.com
web-analytics.engagio.com
1 KB
2 driftt.com
js.driftt.com
44 KB
2 bing.com
bat.bing.com
8 KB
2 gstatic.com
www.gstatic.com
12 KB
2 licdn.com
snap.licdn.com
6 KB
2 lpsnmedia.net
lpcdn.lpsnmedia.net Failed
accdn.lpsnmedia.net
2 KB
2 cloudfront.net
d1acp2n11z40zw.cloudfront.net
dn1f1hmdujj40.cloudfront.net
11 KB
1 googleadservices.com
www.googleadservices.com
187 B
1 demandbase.com
tag.demandbase.com
15 KB
1 fonts.net
fast.fonts.net
152 B
1 googletagmanager.com
www.googletagmanager.com
33 KB
1 mktoresp.com
381-kpd-482.mktoresp.com
303 B
1 sociabble.com
cdn-public.sociabble.com
9 KB
1 marketo.net
munchkin.marketo.net
4 KB
1 t.co
t.co
170 B
1 ads-twitter.com
static.ads-twitter.com
2 KB
1 addtoany.com
static.addtoany.com
26 KB
1 fontawesome.com
use.fontawesome.com
14 KB
0 glitch.me Failed
simple-banner.glitch.me Failed
111 36
Domain Requested by
27 www.armor.com 1 redirects www.armor.com
11 cdn.armor.com www.armor.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.armor.com
4 www.google.de www.armor.com
www.gstatic.com
4 va.v.liveperson.net lptag.liveperson.net
4 consent.trustarc.com www.armor.com
consent.trustarc.com
3 scout.us1.salesloft.com www.armor.com
3 www.google.com 3 redirects
3 stats.g.doubleclick.net 3 redirects
3 connect.facebook.net www.armor.com
connect.facebook.net
3 cdn.bizible.com www.armor.com
3 vidassets.terminus.services www.armor.com
2 px.ads.linkedin.com 1 redirects
2 www.facebook.com www.armor.com
www.googletagmanager.com
2 segments.company-target.com 1 redirects www.armor.com
2 match.prod.bidr.io 2 redirects
2 web-analytics.engagio.com www.armor.com
dn1f1hmdujj40.cloudfront.net
2 js.driftt.com www.armor.com
js.driftt.com
2 bat.bing.com www.armor.com
2 www.gstatic.com www.armor.com
www.gstatic.com
2 snap.licdn.com www.armor.com
snap.licdn.com
2 platform.twitter.com www.armor.com
2 static.hotjar.com www.armor.com
2 scout.salesloft.com scout-cdn.salesloft.com
2 lptag.liveperson.net www.armor.com
1 www.linkedin.com 1 redirects
1 dn1f1hmdujj40.cloudfront.net web-analytics.engagio.com
1 vars.hotjar.com static.hotjar.com
1 syndication.twitter.com 1 redirects
1 www.googleadservices.com www.gstatic.com
1 script.hotjar.com static.hotjar.com
1 api.company-target.com tag.demandbase.com
1 tag.demandbase.com www.armor.com
1 analytics.twitter.com static.ads-twitter.com
1 fast.fonts.net www.armor.com
1 www.googletagmanager.com www.armor.com
1 accdn.lpsnmedia.net lptag.liveperson.net
1 lpcdn.lpsnmedia.net lptag.liveperson.net
www.armor.com
1 381-kpd-482.mktoresp.com munchkin.marketo.net
1 cdn-public.sociabble.com www.armor.com
1 scout-cdn.salesloft.com www.armor.com
1 munchkin.marketo.net www.armor.com
1 t.co www.armor.com
1 static.ads-twitter.com www.armor.com
1 static.addtoany.com www.armor.com
1 d1acp2n11z40zw.cloudfront.net www.armor.com
1 use.fontawesome.com www.armor.com
0 simple-banner.glitch.me Failed www.armor.com
111 48
Subject Issuer Validity Valid
www.armor.com
GlobalSign Extended Validation CA - SHA256 - G3
2019-07-26 -
2020-09-15
a year crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA
2018-09-17 -
2019-11-21
a year crt.sh
*.trustarc.com
Go Daddy Secure Certificate Authority - G2
2017-07-18 -
2020-07-17
3 years crt.sh
cdn.armor.com
GlobalSign Domain Validation CA - SHA256 - G2
2019-04-09 -
2020-06-02
a year crt.sh
*.terminus.services
Amazon
2019-02-12 -
2020-03-12
a year crt.sh
*.cloudfront.net
DigiCert Global CA G2
2019-07-17 -
2020-07-05
a year crt.sh
ssl472428.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-07-02 -
2020-01-08
6 months crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-14 -
2020-08-18
a year crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2019-04-09 -
2020-04-01
a year crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2018-12-24 -
2020-03-24
a year crt.sh
*.salesloft.com
COMODO RSA Domain Validation Secure Server CA
2017-08-25 -
2019-10-20
2 years crt.sh
sa377gl.wpc.edgecastcdn.net
DigiCert SHA2 Secure Server CA
2018-02-15 -
2020-06-04
2 years crt.sh
*.liveperson.net
COMODO RSA Organization Validation Secure Server CA
2017-12-17 -
2020-12-16
3 years crt.sh
*.mktoresp.com
GeoTrust RSA CA 2018
2018-02-05 -
2020-02-05
2 years crt.sh
salesloft.com
COMODO RSA Domain Validation Secure Server CA
2018-12-28 -
2020-02-04
a year crt.sh
*.lpsnmedia.net
COMODO RSA Organization Validation Secure Server CA
2018-02-26 -
2021-02-25
3 years crt.sh
*.v.liveperson.net
COMODO RSA Organization Validation Secure Server CA
2018-05-08 -
2020-05-07
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
s9.wac.edgecastcdn.net
DigiCert SHA2 Secure Server CA
2019-01-16 -
2021-02-03
2 years crt.sh
static.hotjar.com
Let's Encrypt Authority X3
2019-08-07 -
2019-11-05
3 months crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2019-04-09 -
2020-04-01
a year crt.sh
cdn.bizible.com
Go Daddy Secure Certificate Authority - G2
2019-03-14 -
2021-04-13
2 years crt.sh
*.twimg.com
DigiCert SHA2 High Assurance Server CA
2018-11-19 -
2019-11-27
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-08-24 -
2019-10-19
2 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
*.google.com
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
www.bing.com
Microsoft IT TLS CA 2
2019-04-30 -
2021-04-30
2 years crt.sh
drift.com
Amazon
2018-10-17 -
2019-11-17
a year crt.sh
*.engagio.com
COMODO RSA Organization Validation Secure Server CA
2017-05-23 -
2020-07-24
3 years crt.sh
*.demandbase.com
Go Daddy Secure Certificate Authority - G2
2018-09-20 -
2020-11-19
2 years crt.sh
www.google.de
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
*.company-target.com
Go Daddy Secure Certificate Authority - G2
2019-06-19 -
2021-08-18
2 years crt.sh
script.hotjar.com
Let's Encrypt Authority X3
2019-08-07 -
2019-11-05
3 months crt.sh
www.googleadservices.com
GTS CA 1O1
2019-09-05 -
2019-11-28
3 months crt.sh
vars.hotjar.com
Let's Encrypt Authority X3
2019-08-07 -
2019-11-05
3 months crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2019-05-29 -
2021-06-29
2 years crt.sh

This page contains 8 frames:

Primary Page: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Frame ID: 8BB3C528FD8596B8E4B3B22565988998
Requests: 104 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=https%3A%2F%2Fwww.armor.com&site=76669337&env=prod
Frame ID: 380B620E9F62ECA61E17E90F2E9258A9
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=https%3A%2F%2Fwww.armor.com&site=76669337&env=prod
Frame ID: C06C070515CDD2DB5D29DEA9D29A6F06
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.bed9e19e565ca3b578705de9e73c29ed.html?origin=https%3A%2F%2Fwww.armor.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: 6B92900A7751888750453A346C00283F
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: BBD0ABE0176E806D78BE427C25E0F711
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Frame ID: 47330A91C1F436E5A19F8440594EA117
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: B7E4A5A923089C2D476A1B7022C8884E
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: E5CE813638FEF165AC04ACA6D4B8B8EE
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students HTTP 301
    https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i
  • script /\/revslider\/[\/\w-]+\/js/i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i
  • script /\/revslider\/[\/\w-]+\/js/i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i
  • script /\/revslider\/[\/\w-]+\/js/i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • script /addtoany\.com\/menu\/page\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/revslider\/[\/\w-]+\/js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

111
Requests

98 %
HTTPS

41 %
IPv6

36
Domains

48
Subdomains

42
IPs

7
Countries

1278 kB
Transfer

4044 kB
Size

22
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students HTTP 301
    https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&gjid=1515494483&_gid=221141194.1569876373&_u=YGBAgAADQ~&z=1240709465 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&_v=j79&z=1240709465 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&_v=j79&z=1240709465&slf_rd=1&random=2027129437
Request Chain 86
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAWykU67JNMAABW7n-I0uw HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAWykU67JNMAABW7n-I0uw&verifyHash=3d6859ee1d1c271d8e74de7db1c2c365cda2fb83
Request Chain 89
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html
Request Chain 100
  • https://px.ads.linkedin.com/collect/?time=1569876374173&pid=58768&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&fmt=js&s=1 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1569876374173%26pid%3D58768%26url%3Dhttps%253A%252F%252Fwww.armor.com%252Fthreat-intelligence%252Freading-writing-and-ransomware-new-attacks-greet-students%252F%26fmt%3Djs%26s%3D1%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1569876374173&pid=58768&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&fmt=js&s=1&liSync=true
Request Chain 103
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&gjid=399283218&_gid=221141194.1569876373&_u=aHDAgEADQ~&z=855767277 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&_v=j79&z=855767277 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&_v=j79&z=855767277&slf_rd=1&random=3021254996
Request Chain 106
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&gjid=1813421598&_gid=221141194.1569876373&_u=aHDAgEADQ~&z=185267055 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&_v=j79&z=185267055 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&_v=j79&z=185267055&slf_rd=1&random=2596038489

111 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Redirect Chain
  • https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students
  • https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
108 KB
23 KB
Document
General
Full URL
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
35c00684c2c2e63c4b0bbccc35fd2f2fd96db731d128fd4e1144e0f6c39617fc
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.armor.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Cookie
PHPSESSID=2d04a50bkgv3nqndg56jdiq161
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 30 Sep 2019 20:46:11 GMT
Link
<https://www.armor.com/wp-json/>; rel="https://api.w.org/" <https://www.armor.com/?p=23026>; rel=shortlink
Node
10.200.101.88
Server
nginx
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
X-TEC-API-ORIGIN
https://www.armor.com
X-TEC-API-ROOT
https://www.armor.com/wp-json/tribe/events/v1/
X-TEC-API-VERSION
v1
X-XSS-Protection
1; mode=block
transfer-encoding
chunked
Connection
keep-alive

Redirect headers

Cache-Control
no-cache, must-revalidate, max-age=0
Content-Type
text/html; charset=UTF-8
Date
Mon, 30 Sep 2019 20:46:10 GMT
Expires
Wed, 11 Jan 1984 05:00:00 GMT
Location
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Node
10.200.102.167
Server
nginx
Set-Cookie
PHPSESSID=2d04a50bkgv3nqndg56jdiq161; path=/
X-Frame-Options
SAMEORIGIN
X-Redirect-By
WordPress
X-XSS-Protection
1; mode=block
Content-Length
0
Connection
keep-alive
sb-instagram.min.css
www.armor.com/app/plugins/instagram-feed-pro/css/
51 KB
9 KB
Stylesheet
General
Full URL
https://www.armor.com/app/plugins/instagram-feed-pro/css/sb-instagram.min.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a1dad966d318bac62d305a0e05f1b047ed9575c9a7a086041ad24fa920cc6b7d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:11 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:13 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1c8d-cc5f"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.103.175
Connection
keep-alive
Content-Length
8717
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
reset.min.css
www.armor.com/app/plugins/the-events-calendar/common/src/resources/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.armor.com/app/plugins/the-events-calendar/common/src/resources/css/reset.min.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e96cfe81431ab0c70414bc65dd83d59ada01405419c8faca900637fdfffdd48b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Sep 2019 18:37:00 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8bb3cc-11bc"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.102.167
Connection
keep-alive
Content-Length
1094
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
common.min.css
www.armor.com/app/plugins/the-events-calendar/common/src/resources/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://www.armor.com/app/plugins/the-events-calendar/common/src/resources/css/common.min.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
55c98973ad75643b7fa9abeb6f381973b66f764386538e8fd7e16b3f969d2f31
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Sep 2019 18:37:00 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8bb3cc-93f6"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.101.88
Connection
keep-alive
Content-Length
5885
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
tooltip.min.css
www.armor.com/app/plugins/the-events-calendar/common/src/resources/css/
2 KB
994 B
Stylesheet
General
Full URL
https://www.armor.com/app/plugins/the-events-calendar/common/src/resources/css/tooltip.min.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
34119901f74b4d927c3b3ac787f1b99819174e6308ad5d4cb05ba5409cb5ffa5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Sep 2019 18:37:00 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8bb3cc-663"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.103.175
Connection
keep-alive
Content-Length
579
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.armor.com/wp/wp-includes/css/dist/block-library/
29 KB
5 KB
Stylesheet
General
Full URL
https://www.armor.com/wp/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 04 Sep 2019 22:09:26 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d703616-726f"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.102.167
Connection
keep-alive
Content-Length
4830
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
svgs-attachment.css
www.armor.com/app/mu-plugins/svg-support/css/
222 B
608 B
Stylesheet
General
Full URL
https://www.armor.com/app/mu-plugins/svg-support/css/svgs-attachment.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
756df835cdc3e6d51abfaa6f2cd0d48a3430e2bcc2c12566e06dc79f3ba4ff74
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Last-Modified
Wed, 18 Apr 2018 18:37:54 GMT
Server
nginx
ETag
"5ad79082-de"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.102.59
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
222
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
simple-banner.css
www.armor.com/app/plugins/simple-banner/
315 B
612 B
Stylesheet
General
Full URL
https://www.armor.com/app/plugins/simple-banner/simple-banner.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
fda9e98004dfb48d2ef7a9c8a2532d83e7d70d246788f99ece81443e8a96db79
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Apr 2018 03:54:02 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5adeaa5a-13b"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Node
10.200.101.88
Connection
keep-alive
Content-Length
198
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.js
www.armor.com/wp/wp-includes/js/jquery/
95 KB
34 KB
Script
General
Full URL
https://www.armor.com/wp/wp-includes/js/jquery/jquery.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 04 Sep 2019 22:09:26 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d703616-17a69"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
transfer-encoding
chunked
Node
10.200.102.59
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.themepunch.tools.min.js
www.armor.com/app/plugins/revslider/public/assets/js/
108 KB
38 KB
Script
General
Full URL
https://www.armor.com/app/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:18 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1c92-1afe4"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
transfer-encoding
chunked
Node
10.200.101.88
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.themepunch.revolution.min.js
www.armor.com/app/plugins/revslider/public/assets/js/
63 KB
18 KB
Script
General
Full URL
https://www.armor.com/app/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:18 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1c92-fdb5"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
transfer-encoding
chunked
Node
10.200.102.167
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
simple-banner.js
www.armor.com/app/plugins/simple-banner/
645 B
710 B
Script
General
Full URL
https://www.armor.com/app/plugins/simple-banner/simple-banner.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
794b7354ed6d515c822a9a56d49cb17c5a9368cf53981afcccf71ac46f2a3c74
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Sat, 08 Jun 2019 01:48:10 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5cfb13da-285"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.103.175
Connection
keep-alive
Content-Length
281
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
simple-banner-pro.js
www.armor.com/app/plugins/simple-banner/
307 B
660 B
Script
General
Full URL
https://www.armor.com/app/plugins/simple-banner/simple-banner-pro.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
04f6fe75ea746ef6eccc7e329feb9a6d010cb9223d984fb5492a3fb6d2d79709
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Sat, 08 Jun 2019 01:48:10 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5cfb13da-133"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.102.59
Connection
keep-alive
Content-Length
232
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
all.css
use.fontawesome.com/releases/v5.8.2/css/
54 KB
14 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.8.2/css/all.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
06d6e10886ed7de5561acab1935bce1c46174baa9cbd0bcb319aa3b69594131f

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:11 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 16:50:11 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"77cbad34e5ce95e70847b074e05faeab"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
style.css
www.armor.com/app/themes/armor-theme/
446 KB
62 KB
Stylesheet
General
Full URL
https://www.armor.com/app/themes/armor-theme/style.css
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e79e7268e259af85b71a208d363aed33c81e00e448cfeb7f26e2eb21b5672dd2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:57 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1cb9-6f72b"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
transfer-encoding
chunked
Node
10.200.103.175
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
notice
consent.trustarc.com/
6 KB
3 KB
Script
General
Full URL
https://consent.trustarc.com/notice?domain=armor.com&c=teconsent&js=nj&noticeType=bb&text=true
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.85.24 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-85-24.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
31ff9f3df32472b67536a2fab76a4032e5de477ea644a9f2153c4d4d263d5ef3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
status
200
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache
vary
Accept-Encoding
content-length
2370
x-xss-protection
1; mode=block
expires
Mon, 30 Sep 2019 20:46:11 GMT
thumbnail-284f8349c6bb8236d88e20783145890e-compressor.png
cdn.armor.com/app/uploads/2017/09/
15 KB
15 KB
Image
General
Full URL
https://cdn.armor.com/app/uploads/2017/09/thumbnail-284f8349c6bb8236d88e20783145890e-compressor.png
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dca2a46c726b75d682229527df890e8ff2a8a63ed1b59a9f749335f6aa315724

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:03 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Sun, 29 Jul 2018 19:25:09 GMT
server
AmazonS3
age
162188
etag
"3777e1d3a246439c5ef9104ddb8af891"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
15209
x-amz-cf-id
xnUfNbAR9JmD9tRTNiw9jB7ft7rVnEYifpZV8NHJiNbYFL5WtlSA8A==
expires
Mon, 29 Jul 2019 19:25:08 GMT
Blog-Surge-Continuous-Compliance-tn.jpg
cdn.armor.com/app/uploads/2017/10/27223031/
11 KB
12 KB
Image
General
Full URL
https://cdn.armor.com/app/uploads/2017/10/27223031/Blog-Surge-Continuous-Compliance-tn.jpg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5443203a86a9d8b802b2378c6458dffeb7f29ad991e105e69ca03bb74693e68

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 06 Jun 2018 19:10:39 GMT
server
AmazonS3
age
162189
etag
"c15e042abe8dbf883e4bdfbf5fe864fa"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
11745
x-amz-cf-id
V0nlsX6g2rqT5NgLjGHKYO2y6HlXgZTBsTVzvtgZ5nylBuldvAaJzw==
expires
Thu, 06 Jun 2019 19:10:38 GMT
2018-Q1-Social-Reports-HoneyPot-169x75.jpg
cdn.armor.com/app/uploads/2018/07/
3 KB
4 KB
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/07/2018-Q1-Social-Reports-HoneyPot-169x75.jpg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4ad5ac7ac169c38946be3696e837917de65d3f44f2c5ba250622ea7b478bc0a2

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Sep 2019 23:43:04 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Mon, 30 Jul 2018 04:06:49 GMT
server
AmazonS3
age
248588
etag
"2aa099bc88512ebd3add28bb06454041"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
3347
x-amz-cf-id
vKPv6DJv2piTL_4AhKEDhakvjR3Pw1hZwI5PRH99s9-2N7X4Rpdrpw==
expires
Tue, 30 Jul 2019 04:06:48 GMT
wp-emoji-release.min.js
www.armor.com/wp/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://www.armor.com/wp/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 04 Sep 2019 22:09:26 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d703616-3610"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.101.88
Connection
keep-alive
Content-Length
4664
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Armor_US-Ransomware-Attacks-8.29.19-1.jpg
cdn.armor.com/app/uploads/2019/08/
70 KB
70 KB
Image
General
Full URL
https://cdn.armor.com/app/uploads/2019/08/Armor_US-Ransomware-Attacks-8.29.19-1.jpg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d8f15a09867ac073e71fee08dcc22f0ff9d96ad780f087b551330fb1644e2db

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 07:52:19 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Thu, 29 Aug 2019 19:48:05 GMT
server
AmazonS3
age
46434
etag
"90bbc0cfb8fee46c5181ba2f975bb281"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
71404
x-amz-cf-id
rj2Vs0xzwLQ7bm-MCnqRJLIqAKWg60ehgwLiKcUFQjqvCs3KVUMhyg==
expires
Fri, 28 Aug 2020 19:48:04 GMT
t.js
vidassets.terminus.services/69451f1c-df25-43a7-ab03-b3258091e8b4/
3 KB
2 KB
Script
General
Full URL
https://vidassets.terminus.services/69451f1c-df25-43a7-ab03-b3258091e8b4/t.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.158.139 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-158-139.fra56.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
852d6ef7e1f541e29805a611f49b52f6ecb7a47679e966c9264db3c177234ba6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Sep 2019 14:00:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Fri, 27 Sep 2019 12:54:41 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
via
1.1 be3a2ea70ea68d04665ee5db91a73443.cloudfront.net (CloudFront)
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
c0kDHrN90muVQELO-V92-EMmqdzmettU9QhNKLtIINUWjue-F4SuaA==
facebook_icon.svg
cdn.armor.com/app/uploads/2018/04/27223106/
377 B
681 B
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/04/27223106/facebook_icon.svg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42f08d3fd1152d7c7ae15257b5ff78097c45ee0aca2f76d2927a1115ebad9771

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
content-encoding
gzip
age
162189
x-cache
Hit from cloudfront
status
200
content-length
279
last-modified
Fri, 27 Apr 2018 22:31:07 GMT
server
AmazonS3
etag
"7fe7d2947610a338b7bacfb06339432d"
content-type
image/svg+xml
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
qc50Clqf1RIob3_5_Z1BW3y3Nx8SCqGK5SU0hgUBeBadS10lkE-xkA==
expires
Sat, 27 Apr 2019 22:31:06 GMT
twitter_icon.svg
cdn.armor.com/app/uploads/2018/03/27223106/
711 B
803 B
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/03/27223106/twitter_icon.svg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
86c47df0704a55ff8824483a2d32a37d567284baa4ba9ab7fb1658d9bc99cc02

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
content-encoding
gzip
age
162189
x-cache
Hit from cloudfront
status
200
content-length
402
last-modified
Fri, 27 Apr 2018 22:31:07 GMT
server
AmazonS3
etag
"a6fc975cdd56ef4feadaf1290159de9c"
content-type
image/svg+xml
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
0ywEW8B3j4yVYWpn176PaI2ISX1WHeTLjk5mXF_mjlbcpd-BrjotUA==
expires
Sat, 27 Apr 2019 22:31:06 GMT
linkedin_icon.svg
cdn.armor.com/app/uploads/2018/04/27223106/
610 B
770 B
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/04/27223106/linkedin_icon.svg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1e6f7b22b807f132cd56bd7f8d8d19f6555eb47ef10770812c8b9525e2608fe0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
content-encoding
gzip
age
162189
x-cache
Hit from cloudfront
status
200
content-length
369
last-modified
Fri, 27 Apr 2018 22:31:07 GMT
server
AmazonS3
etag
"eb688f911bae89c79d516788ec5e381c"
content-type
image/svg+xml
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
k9RAx6PJvSN78f4ve_nsFRLzxVIc1meoUxMKAAYYpSY_KGKdf47J7w==
expires
Sat, 27 Apr 2019 22:31:06 GMT
instagram_icon.svg
cdn.armor.com/app/uploads/2018/08/
2 KB
1 KB
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/08/instagram_icon.svg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
079b03a5c4fac8e8f958095e9954f8072cde83d6eef64f01ea73c3c7e47f382c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
content-encoding
gzip
age
162189
x-cache
Hit from cloudfront
status
200
content-length
1001
last-modified
Wed, 29 Aug 2018 21:47:04 GMT
server
AmazonS3
etag
"25a388fe1964cf513760a2ac78a3a422"
content-type
image/svg+xml
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
L9-pBTN9ZkDxW0NkUyJ-KJAlhvAiuJ2m0ucxp1nJgXsdGnzEpBGXjg==
expires
Thu, 29 Aug 2019 21:47:03 GMT
youtube_icon.svg
cdn.armor.com/app/uploads/2018/04/27223106/
669 B
774 B
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/04/27223106/youtube_icon.svg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
04214d71c2c8c35d5404fbb0f096cb7c3bf17a1dfaf10587a7716de9dc0071a5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
content-encoding
gzip
age
162189
x-cache
Hit from cloudfront
status
200
content-length
373
last-modified
Fri, 27 Apr 2018 22:31:07 GMT
server
AmazonS3
etag
"4da716d9936b11c52a21d9930293ba22"
content-type
image/svg+xml
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
w9kS6NyliVgCD_GqEkWOG0gt_QahqRUTAAUOcQq_Y7ggMptv-tmaLg==
expires
Sat, 27 Apr 2019 22:31:06 GMT
slideshare_icon.svg
cdn.armor.com/app/uploads/2018/04/27223105/
859 B
884 B
Image
General
Full URL
https://cdn.armor.com/app/uploads/2018/04/27223105/slideshare_icon.svg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
596107120d4e37fdd432fd77b9a35ed8cd715d8f0d8143c579c57d3e58282c57

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
content-encoding
gzip
age
162189
x-cache
Hit from cloudfront
status
200
content-length
484
last-modified
Fri, 27 Apr 2018 22:31:06 GMT
server
AmazonS3
etag
"fb72b3ef76e69c5ccd015303a75341b1"
content-type
image/svg+xml
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
Z-H1plst-x40BE-OnqPqjU4liLg5SdoS-Coga7Juq1EP_2jnph7oGw==
expires
Sat, 27 Apr 2019 22:31:05 GMT
Armor_Logo_Orange_Tagline.png
d1acp2n11z40zw.cloudfront.net/app/uploads/2017/04/27223043/
3 KB
3 KB
Image
General
Full URL
https://d1acp2n11z40zw.cloudfront.net/app/uploads/2017/04/27223043/Armor_Logo_Orange_Tagline.png
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27f1894b4c226d8d37278433ff3dd2e448cb877d2cbe818d189fc905195d3422

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Sep 2019 23:43:04 GMT
via
1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
last-modified
Wed, 06 Jun 2018 19:13:58 GMT
server
AmazonS3
age
162189
etag
"355e8922acf206ac858e8a095170671b"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
3183
x-amz-cf-id
O9SQKlANgEiLptM7GJv-DW7BiPWY6fNKnAhQVIFgyCaCC3JllCLhoQ==
expires
Thu, 06 Jun 2019 19:13:57 GMT
tribe-common.min.js
www.armor.com/app/plugins/the-events-calendar/common/src/resources/js/
321 B
588 B
Script
General
Full URL
https://www.armor.com/app/plugins/the-events-calendar/common/src/resources/js/tribe-common.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf7a610c11489bfce177c3c71c5c7aec7101b1ba754d3d2aacc9636fc046c3b6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Sep 2019 18:37:00 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8bb3cc-141"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.103.175
Connection
keep-alive
Content-Length
159
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
tooltip.min.js
www.armor.com/app/plugins/the-events-calendar/common/src/resources/js/
523 B
692 B
Script
General
Full URL
https://www.armor.com/app/plugins/the-events-calendar/common/src/resources/js/tooltip.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
64c85e8b3d558b7ced2ce4d184dafd88b8dda0cfb0f388a06a7ff3e8f34841d8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Sep 2019 18:37:00 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8bb3cc-20b"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.102.167
Connection
keep-alive
Content-Length
263
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-migrate.min.js
www.armor.com/wp/wp-includes/js/jquery/
10 KB
4 KB
Script
General
Full URL
https://www.armor.com/wp/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 04 Sep 2019 22:09:26 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d703616-2748"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.102.59
Connection
keep-alive
Content-Length
4016
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
armor-header.js
www.armor.com/app/themes/armor-theme/js/dist/
168 KB
58 KB
Script
General
Full URL
https://www.armor.com/app/themes/armor-theme/js/dist/armor-header.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d8e3d639b5446534fbec951b583b6eb37962a4e82fd4c6c1ff6ca3534de3eb0d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:20 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1c94-2a02c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
transfer-encoding
chunked
Node
10.200.101.88
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
demo-fw.js
www.armor.com/app/themes/armor-theme/js/scripts/
4 KB
2 KB
Script
General
Full URL
https://www.armor.com/app/themes/armor-theme/js/scripts/demo-fw.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
958bb1007d69f98adfd7f7966d348275f35329d7c23d91d6fb7d660d04afdb8f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:20 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1c94-10ce"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.103.175
Connection
keep-alive
Content-Length
1185
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
armor-footer.js
www.armor.com/app/themes/armor-theme/js/dist/
738 KB
221 KB
Script
General
Full URL
https://www.armor.com/app/themes/armor-theme/js/dist/armor-footer.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
24bdf22b6e237ff6f00bdb08bfd0b80f50dd9dbedaba96880c2de544082e1c30
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Sep 2019 20:16:20 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d8d1c94-b8670"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
transfer-encoding
chunked
Node
10.200.102.167
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-embed.min.js
www.armor.com/wp/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://www.armor.com/wp/wp-includes/js/wp-embed.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 04 Sep 2019 22:09:26 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
ETag
W/"5d703616-57b"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Node
10.200.102.59
Connection
keep-alive
Content-Length
753
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
hostname
simple-banner.glitch.me/
0
0

page.js
static.addtoany.com/menu/
79 KB
26 KB
Script
General
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc71dde0fa1f3434b18e014866b9484f577bc34c8ea80155e0039fe041419fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
via
e5s
x-content-type-options
nosniff
cf-cache-status
HIT
age
137877
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
content-encoding
br
vary
Accept-Encoding
last-modified
Wed, 22 May 2019 06:26:38 GMT
server
cloudflare
etag
W/"13c2c-589740c42abc9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
expires
Wed, 02 Oct 2019 20:46:12 GMT
cache-control
public, max-age=172800
cf-ray
51e90b802a3b8c62-VIE
cf-bgj
minify
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
age
45176
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-fra19143-FRA
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1569876372.460910,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
sbi-sprite.png
www.armor.com/app/plugins/instagram-feed-pro/img/
4 KB
4 KB
Image
General
Full URL
https://www.armor.com/app/plugins/instagram-feed-pro/img/sbi-sprite.png
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9de999e7d4aa267a5acee4a0aed70ae6df10838613e9627a97a63cf47feb173e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/app/plugins/instagram-feed-pro/css/sb-instagram.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Last-Modified
Thu, 26 Sep 2019 20:16:13 GMT
Server
nginx
ETag
"5d8d1c8d-f67"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=315360000
Node
10.200.102.167
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3943
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
de1216be-00c2-43c0-9c45-3e7f925eb519.woff2
www.armor.com/app/themes/armor-theme/Fonts/
25 KB
25 KB
Font
General
Full URL
https://www.armor.com/app/themes/armor-theme/Fonts/de1216be-00c2-43c0-9c45-3e7f925eb519.woff2
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c2944cd18afec08747955222976eba2eea19258b6e2ede5bb11d8cb106647e4c

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Last-Modified
Thu, 26 Sep 2019 20:16:19 GMT
Server
nginx
ETag
"5d8d1c93-62ec"
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25324
121784c1-863c-4e49-b682-625ea7de55b0.woff2
www.armor.com/app/themes/armor-theme/Fonts/
26 KB
26 KB
Font
General
Full URL
https://www.armor.com/app/themes/armor-theme/Fonts/121784c1-863c-4e49-b682-625ea7de55b0.woff2
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4ca6b213241815a702f4bcc48945ea383cb8b32ef60547bdb4436b4b6cab420a

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Last-Modified
Thu, 26 Sep 2019 20:16:19 GMT
Server
nginx
ETag
"5d8d1c93-6654"
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
26196
44e7b0fa-6c8d-43c2-b19e-f1e3ce9ea57c.woff2
www.armor.com/app/themes/armor-theme/Fonts/
24 KB
25 KB
Font
General
Full URL
https://www.armor.com/app/themes/armor-theme/Fonts/44e7b0fa-6c8d-43c2-b19e-f1e3ce9ea57c.woff2
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.20.175.25 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-20-175-25.compute-1.amazonaws.com
Software
nginx /
Resource Hash
606aeba72580863b6f94f94a6b9d4bda72f17ff65e4adb951356d2a7f545707e

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Last-Modified
Thu, 26 Sep 2019 20:16:19 GMT
Server
nginx
ETag
"5d8d1c93-619c"
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24988
v1.7-11
consent.trustarc.com/asset/notice.js/v/
55 KB
19 KB
Script
General
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-11
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=armor.com&c=teconsent&js=nj&noticeType=bb&text=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.85.24 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-85-24.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a451f2564c4d093f17562cec045ad8d57dc5ff438a1b7f5831a958e69c962e58
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
public
date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 5 Sep 2019 04:10:58 GMT
server
nginx
status
200
x-frame-options
ALLOWALL
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Wed, 30 Oct 2019 20:46:12 GMT
2018-Q4-Website-HeaderImage-Book.jpg
cdn.armor.com/app/uploads/2019/01/
41 KB
41 KB
Image
General
Full URL
https://cdn.armor.com/app/uploads/2019/01/2018-Q4-Website-HeaderImage-Book.jpg
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:800:1a:86d5:4300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
159dff3bd530baa20e57738b0d8c87e8b3e38d8d58ba6ef85784f0e6fd6e02e2

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Sep 2019 18:32:32 GMT
via
1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 02 Jan 2019 16:53:08 GMT
server
AmazonS3
age
94420
etag
"5a97f849d87011094d524137adfd4681"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
41552
x-amz-cf-id
FkUa4U_HhEgslbUMtBUp-tlZmMBhwSpN1XxWQueMLC0r5UAKO0xynw==
expires
Thu, 02 Jan 2020 16:53:07 GMT
t.gif
vidassets.terminus.services/69451f1c-df25-43a7-ab03-b3258091e8b4/
42 B
681 B
Image
General
Full URL
https://vidassets.terminus.services/69451f1c-df25-43a7-ab03-b3258091e8b4/t.gif?d=3c5af872-ad86-41be-8a1d-976c20ae8df9&s=4d7ed14b-ab3f-444f-8df8-0332d9e273e8&cb=1569876372558
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.158.139 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-158-139.fra56.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Sep 2019 14:41:13 GMT
via
1.1 be3a2ea70ea68d04665ee5db91a73443.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56
x-cache
Hit from cloudfront
status
200
content-length
42
last-modified
Fri, 27 Sep 2019 12:54:41 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
Te-vmoKXfXPZafFb1nrayawvkgJlO3WFUxzY3K_T30GeUzKhXPlsAg==
adsct
t.co/i/
43 B
170 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvzk1&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
119
pragma
no-cache
last-modified
Mon, 30 Sep 2019 20:46:12 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
c2a269da88d693da8feb743fc42cf3fd
x-transaction
00944a1100926186
expires
Tue, 31 Mar 1981 05:00:00 GMT
notice
consent.trustarc.com/
11 KB
4 KB
Script
General
Full URL
https://consent.trustarc.com/notice?domain=armor.com&country=de&js=nj2&c=teconsent&noticeType=bb&text=true
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=armor.com&c=teconsent&js=nj&noticeType=bb&text=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.85.24 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-85-24.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6301fb61e4d37e04e0957e1f5063311f2b3d10c4935f6ce9783b276302b4a650
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Origin
https://www.armor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
status
200
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache
vary
Accept-Encoding
content-length
3587
x-xss-protection
1; mode=block
expires
Mon, 30 Sep 2019 20:46:11 GMT
munchkin.js
munchkin.marketo.net/151/
8 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/151/munchkin.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-header.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
585107ada7f42329cd4d6ab1d1e87fdf26f4994e8f47d72a44ee8ab5bd291288

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 20 Aug 2015 02:19:08 GMT
Server
Apache
ETag
"bd3daad4a1e88a1196d76b6dd3c9deed:1440037148"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3503
Expires
Wed, 08 Jan 2020 20:46:12 GMT
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-header.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
91f45811a83ee1bd3005eb6df52ef0bf69c1ee66ce0a3b812bc1fbca392473ee

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
last-modified
Mon, 07 Jan 2019 19:21:23 GMT
server
NetDNA-cache/2.2
x-amz-request-id
9F573C9C1324A61E
etag
W/"5ae62e3d1adb9aa509b61aed2f35d9d2"
x-cache
HIT
content-type
application/javascript
status
200
x-amz-id-2
I7KRQnLoXlMXMR3iXk+5y6fNPxxss3/jorC8RJ14j8uXVKa7Uzo2gV0YBOzL3+XT25j4XChYgj0=
track.min.js
cdn-public.sociabble.com/blob/js/leadgen/
21 KB
9 KB
Script
General
Full URL
https://cdn-public.sociabble.com/blob/js/leadgen/track.min.js?v=1.5
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-header.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.91 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
345a4178b63432c1976d4d5601c44822394e6caddcfbac6d54e26f5e1438c401

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
x-powered-by
ASP.NET
x-cache
HIT
status
200
content-length
8834
last-modified
Tue, 16 Jul 2019 20:09:17 GMT
server
Microsoft-IIS/10.0
etag
"1c8fb58123cd51:0"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
access-control-allow-headers
*
expires
Mon, 30 Sep 2019 20:51:12 GMT
tag.js
lptag.liveperson.net/tag/
18 KB
7 KB
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=76669337
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-header.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
last-modified
Tue, 21 Aug 2018 07:47:45 GMT
server
ws
etag
"5b7bc3a1-198d"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
6541
visitWebPage
381-kpd-482.mktoresp.com/webevents/
2 B
303 B
XHR
General
Full URL
https://381-kpd-482.mktoresp.com/webevents/visitWebPage?_mchNc=1569876372705&_mchCn=&_mchId=381-KPD-482&_mchTk=_mch-armor.com-1569876372705-32772&_mchHo=www.armor.com&_mchPo=&_mchRu=%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&_mchPc=https%3A&_mchVr=151&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/151/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.147.68 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
akka-http/10.1.7 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 30 Sep 2019 20:46:13 GMT
Content-Encoding
gzip
Server
akka-http/10.1.7
Transfer-Encoding
chunked
X-Request-Id
cf423b47-a7d4-4711-ac0c-c34b0f0832c2
Content-Type
text/plain; charset=UTF-8
r
scout.salesloft.com/
41 B
432 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo5NDMxfQ.dr7gyFx8D1WAY1Fympf6QhebZ8MqN38xN6fqjM5fblw
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.14.45 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-204-14-45.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
server
Cowboy
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.armor.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
2n4l4fj8759ulqcvl56do7q6
.jsonp
lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/
228 KB
82 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-header.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
59db4fc2e567cbd99248cd95d76afc2f2ef1f89bd38fbbe19731943bb8c9e6c9

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.8.0.0-release_461/ Frame 380B
0
0

zones
accdn.lpsnmedia.net/api/account/76669337/configuration/le-campaigns/
17 KB
2 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/76669337/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
a9dd0f77a1fdf32bbcef1290f2057b766ad14033b53adb959d3017b2f69b07c3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
content-type
application/javascript
status
200
expires
Mon, 30 Sep 2019 20:47:13 GMT
76669337
va.v.liveperson.net/api/js/
233 B
1 KB
Script
General
Full URL
https://va.v.liveperson.net/api/js/76669337?&cb=lpCb74015x21756&t=sp&ts=1569876372869&pid=5678619068&tid=887844233&pt=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&u=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&df=0&os=1
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
fef8fef048ab1f54f2be1a96a9656c88028d9fe18b433b5952453dff5d3ec3e7

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
gtm.js
www.googletagmanager.com/
134 KB
33 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WJX6LN3
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-footer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ad547fb00dd0ab5dcb0eb6da78dd1958de5ea07130c4a660a277b712ebda02ac
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
br
last-modified
Mon, 30 Sep 2019 18:00:00 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
33784
x-xss-protection
0
expires
Mon, 30 Sep 2019 20:46:12 GMT
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.8.0.0-release_461/ Frame C06C
0
0
Document
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=https%3A%2F%2Fwww.armor.com&site=76669337&env=prod
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-footer.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash

Request headers

:method
GET
:authority
lpcdn.lpsnmedia.net
:scheme
https
:path
/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=https%3A%2F%2Fwww.armor.com&site=76669337&env=prod
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/

Response headers

status
200
date
Mon, 30 Sep 2019 20:46:13 GMT
content-type
text/html
last-modified
Tue, 10 Sep 2019 15:26:02 GMT
content-encoding
gzip
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
expires
Mon, 30 Sep 2019 20:56:13 GMT
cache-control
max-age=600
1.css
fast.fonts.net/t/
0
152 B
Stylesheet
General
Full URL
https://fast.fonts.net/t/1.css?apiType=css&projectid=undefined
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AE) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
last-modified
Wed, 21 Feb 2018 12:55:22 GMT
server
ECS (fcn/41AE)
etag
"616070693"
status
200
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=0
accept-ranges
bytes
content-length
0
expires
Mon, 30 Sep 2019 20:46:13 GMT
hotjar-620868.js
static.hotjar.com/c/
15 KB
3 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-620868.js?sv=6
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.32.75 Amsterdam, Netherlands, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-9
Software
openresty /
Resource Hash
18bc19ed74bee962fa99f71813ef5d290cb481e211cce34e9c7279f04a808f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
section-io-tag
hotjar
age
0
status
200
section-io-cache
Miss
vary
Accept-Encoding
content-length
2857
server
openresty
cache-control
max-age=60
x-frame-options
SAMEORIGIN
etag
W/e5d548dca998b3897eeb512e4fa63e91
access-control-max-age
600
section-io-origin-status
304
access-control-allow-origin
*
x-cache-hit
1
section-io-origin-time-seconds
0.085
section-io-id
38f43c292ba05ca886efda7d33dda864
accept-ranges
bytes
content-type
application/javascript
t.gif
vidassets.terminus.services/69451f1c-df25-43a7-ab03-b3258091e8b4/
42 B
688 B
Image
General
Full URL
https://vidassets.terminus.services/69451f1c-df25-43a7-ab03-b3258091e8b4/t.gif?d=3c5af872-ad86-41be-8a1d-976c20ae8df9&s=4d7ed14b-ab3f-444f-8df8-0332d9e273e8&cb=1569876373100
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.158.139 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-158-139.fra56.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
via
1.1 be3a2ea70ea68d04665ee5db91a73443.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
1
x-cache
Hit from cloudfront
status
200
content-length
42
last-modified
Fri, 27 Sep 2019 12:54:41 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-amz-cf-pop
FRA56
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
QIDZT_S8PvOmT0E0ClPtBVGwHuWk0gXcxO0zmPygl2Lu2SJ1qglQGQ==
adsct
analytics.twitter.com/i/
31 B
495 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvzk1&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
121
pragma
no-cache
last-modified
Mon, 30 Sep 2019 20:46:13 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
196a0c3e35028b5e03aec3990b25c76f
x-transaction
0061be20009ab0ef
expires
Tue, 31 Mar 1981 05:00:00 GMT
bannermsg
consent.trustarc.com/
43 B
277 B
Image
General
Full URL
https://consent.trustarc.com/bannermsg?action=views&domain=armor.com&behavior=implied&country=de&language=en&rand=0.7471545938336117
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.85.24 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-85-24.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:13 GMT
x-content-type-options
nosniff
server
nginx
status
200
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
content-length
43
x-xss-protection
1; mode=block
expires
Mon, 30 Sep 2019 20:46:12 GMT
ipv
cdn.bizible.com/m/
43 B
380 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=f717c04b56524e679427ccc6b2ede58b&_biz_s=187bb&_biz_l=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&_biz_t=1569876372965&_biz_i=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&_biz_n=0&rnd=50606&cdn_o=a&_biz_z=1569876373154
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41A2) / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:13 GMT
x-aspnetmvc-version
5.2
last-modified
Sat, 28 Sep 2019 17:56:39 GMT
server
ECS (fcn/41A2)
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
widget_iframe.bed9e19e565ca3b578705de9e73c29ed.html
platform.twitter.com/widgets/ Frame 6B92
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.bed9e19e565ca3b578705de9e73c29ed.html?origin=https%3A%2F%2Fwww.armor.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-footer.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/419F) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 30 Sep 2019 20:46:13 GMT
Etag
"6f4bb4155518386526ca164541e6b1ce+gzip"
Last-Modified
Thu, 28 Jun 2018 18:19:06 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/419F)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5868
i
scout.salesloft.com/
48 B
578 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.14.45 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-204-14-45.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
9c18c7ff5ed9693b334bd4dd33a23c67c29b4a078649d8dcfbf4f79f1b10d34c

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
server
Cowboy
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.armor.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
2n4l4fjeqo0c9qcvl56q31l5
analytics.js
www.google-analytics.com/
43 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJX6LN3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
1215
date
Mon, 30 Sep 2019 20:25:58 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Mon, 30 Sep 2019 22:25:58 GMT
fbevents.js
connect.facebook.net/en_US/
121 KB
32 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
31604
x-xss-protection
0
pragma
public
x-fb-debug
Ou1DixXKZRMUjB1MkrgJz9D3/n6jMajTngCtz8UFRWiFZ0RZgDp9I/rsq+CNP7GrPR/CI3TZL9nebMbVTdyfeQ==
x-fb-trip-id
420120009
x-frame-options
DENY
date
Mon, 30 Sep 2019 20:46:13 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
hotjar-548479.js
static.hotjar.com/c/
3 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-548479.js?sv=5
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.32.75 Amsterdam, Netherlands, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-9
Software
openresty /
Resource Hash
2fb2b3c269ca19ba745baa2009ae65de9762077a94d97ffb30b647aae435e328
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
section-io-tag
hotjar
age
0
status
200
section-io-cache
Miss
vary
Accept-Encoding
server
openresty
cache-control
max-age=60
x-frame-options
SAMEORIGIN
etag
W/f5ada9c797f9299510d938351ff92a73
access-control-max-age
600
section-io-origin-status
304
access-control-allow-origin
*
x-cache-hit
1
section-io-origin-time-seconds
0.082
section-io-id
c176c2a81ea76fb15ae64c5f036df33d
accept-ranges
bytes
content-type
application/javascript
insight.min.js
snap.licdn.com/li.lms-analytics/
944 B
753 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
34d46b50dff8e2640fc5a4ff05dbe0eaee6070796e21c1cef4428b64790408dc

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:13 GMT
Content-Encoding
gzip
Last-Modified
Mon, 30 Sep 2019 16:42:34 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=72032
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
440
loader.js
www.gstatic.com/wcm/
599 B
553 B
Script
General
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e7d6ff44c58978483c195976a872481f5f7e3dad18d3c1d735a6f227b388768a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 19:57:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 25 Sep 2019 19:45:00 GMT
server
sffe
age
2938
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
420
x-xss-protection
0
expires
Mon, 30 Sep 2019 20:57:15 GMT
bat.js
bat.bing.com/
23 KB
7 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
last-modified
Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref
Ref A: 164F3EF038EA41A5A85C9A1DDC1E2710 Ref B: VIEEDGE0417 Ref C: 2019-09-30T20:46:13Z
status
200
etag
"09c5197968d51:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7148
dfiidzdnakp5.js
js.driftt.com/include/1569876600000/
132 KB
44 KB
Script
General
Full URL
https://js.driftt.com/include/1569876600000/dfiidzdnakp5.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.21 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-21.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
8bfc10f52a88db2b9548f9cc4dbc460b0570b6f795e84b0f4e429c421ea2b03d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
access-control-allow-origin
*
last-modified
Wed, 25 Sep 2019 17:06:50 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
via
1.1 1cc446ef4692d8e752b16c07f2f58a59.cloudfront.net (CloudFront)
cache-control
max-age=10
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
jc6sXxUh3hw1AJR7W6uVsxoI6CJs56quI1sPT6OneM5Z4y6-12xAnA==
ei.js
web-analytics.engagio.com/js/
1 KB
1 KB
Script
General
Full URL
https://web-analytics.engagio.com/js/ei.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.86.245.217 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-86-245-217.compute-1.amazonaws.com
Software
/
Resource Hash
ac3eabbaf8163e35b29458577bf04ff6d9e254b69dab0130d242edf69d29b8ec

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 30 Sep 2019 20:46:13 GMT
cache-control
max-age=0
last-modified
Mon, 30 Sep 2019 18:57:18 GMT
content-length
1077
vary
Origin
content-type
application/javascript; charset=utf-8
a9777159.min.js
tag.demandbase.com/
56 KB
15 KB
Script
General
Full URL
https://tag.demandbase.com/a9777159.min.js
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.158.252 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-158-252.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f944c3a1f60283099f5ed2983bbd16132f41d272a7c433435fa658e08e5a8aa1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 20 Aug 2019 01:42:59 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 00:29:57 GMT
server
AmazonS3
age
1490
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
Z.KEoHWPp2yzjLti1hsN45KfksJC7TSF
status
200
cache-control
public, max-age=3600
x-amz-cf-pop
FRA56
content-type
application/javascript
x-amz-cf-id
intMbuzIIbehC0f85swQKvVPvfg5ep3KkTkKOEgdHswCj5OmB8uZcA==
via
1.1 617456b5ad99c756ee702b235ecfe148.cloudfront.net (CloudFront)
BizibleAcct.js
cdn.bizible.com/
379 B
557 B
Script
General
Full URL
https://cdn.bizible.com/BizibleAcct.js?_biz_u=f717c04b56524e679427ccc6b2ede58b&_biz_h=-1906410348&cdn_o=a&jsVer=4.17.11.10
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-footer.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9aa055cbe7c764897a958cd811778a8cb90da3de1842e10315760672bf8792d3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
content-encoding
gzip
etag
16529B94
x-aspnetmvc-version
5.2
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
private, must-revalidate, max-age=21600
content-type
text/javascript; charset=utf-8
content-length
322
js
www.google-analytics.com/gtm/
70 KB
25 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-KT5NKVW&t=gtm2&cid=13806906.1569876373
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
913a3f25ba97c8a460a43b102797892f4c25de461b2c321d2153dd03e8f5eb87
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
25649
x-xss-protection
0
expires
Mon, 30 Sep 2019 20:46:13 GMT
collect
www.google-analytics.com/
35 B
107 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&a=1284824706&t=pageview&_s=1&dl=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&ul=en-us&de=UTF-8&dt=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGBAgAADQ~&jid=1058228965&gjid=1515494483&cid=13806906.1569876373&tid=UA-435037-20&_gid=221141194.1569876373&gtm=2wg9i1WJX6LN3&z=1967738260
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 24 Aug 2019 15:15:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
3216641
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&gjid=1515494483&_gid=221141194.1569876373&_u=YGBAgAADQ~&z=1240709465
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&_v=j79&z=1240709465
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&_v=j79&z=1240709465&slf_rd=1&random=2027129437
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&_v=j79&z=1240709465&slf_rd=1&random=2027129437
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:13 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1058228965&_v=j79&z=1240709465&slf_rd=1&random=2027129437
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1831390643754598
connect.facebook.net/signals/config/
307 KB
78 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1831390643754598?v=2.9.4&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
df7777f8816097b3357295bc1803dfcc996e97257148bfb010c86cc57389e8f8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id
420120009
pragma
public
x-fb-debug
oqi1FA11Rnc/uVlHRrbJ56Niblf89IAJDpx9QjIyuOH4oB+X/nsQ2wREfgM1mSox4ufpK0246D0PTP8b+TqPVQ==
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
DENY
date
Mon, 30 Sep 2019 20:46:13 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/
15 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:13 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 Sep 2019 16:57:12 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=43446
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4571
impl-1_31.js
www.gstatic.com/wcm/
31 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/wcm/impl-1_31.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a7270152c4aeda08b74c5adccd10e8dd2769d47fd98a924ba3c4b0e48b7e7a60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 22 Sep 2019 19:18:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Sep 2018 20:15:00 GMT
server
sffe
age
696444
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
12086
x-xss-protection
0
expires
Mon, 21 Sep 2020 19:18:49 GMT
u
cdn.bizible.com/m/
43 B
116 B
Image
General
Full URL
https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A381-KPD-482%26token%3A_mch-armor.com-1569876372705-32772&_biz_u=f717c04b56524e679427ccc6b2ede58b&_biz_s=187bb&_biz_l=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&_biz_t=1569876373156&_biz_i=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&_biz_n=1&rnd=28724&cdn_o=a&_biz_z=1569876373264
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40DD) / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:13 GMT
x-aspnetmvc-version
5.2
last-modified
Fri, 27 Sep 2019 04:41:15 GMT
server
ECS (fcn/40DD)
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
us
scout.us1.salesloft.com/
42 B
371 B
Image
General
Full URL
https://scout.us1.salesloft.com/us?type=landed&hitId=527130200&rand=1791895018&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&sessionCount=1&hasWS=true&time=516&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=4b9e8d23-52b7-4d2a-8c50-525d2f8453d9&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo5NDMxfQ.dr7gyFx8D1WAY1Fympf6QhebZ8MqN38xN6fqjM5fblw
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.209.108 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-194-209-108.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:12 GMT
server
Cowboy
content-type
image/gif; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
42
x-request-id
2n4l4fk5t8frslq61gv0obr7
ip.json
api.company-target.com/api/v2/
1 KB
1 KB
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&page_title=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&key=11a2abceeefb69ebeb45c693eef1a6b4&src=tag
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/a9777159.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.158.236 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-158-236.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
a2b822bab96a6e095c7309930ececb5c93c84a4f87be1698189c623c8d6e0579

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
x-amz-cf-pop
FRA56
x-cache
Miss from cloudfront
status
200
access-control-max-age
1728000
request-id
7c655e61-72d6-4ae7-8b70-67607c6cb57b
x-amz-cf-id
WgyK0G8LttqobRE79WBQ9bcBhmD7Z4iFsw5iNWA69kSIttjYLTiAFg==
pragma
no-cache
access-control-allow-origin
https://www.armor.com
server
nginx
vary
Accept-Encoding, Origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 5e6663e1b6bfcd319fbf11ba3c6a1259.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
identification-source
CACHE
expires
Sun, 29 Sep 2019 20:46:13 GMT
validateCookie
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAWykU67JNMAABW7n-I0uw
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAWykU67JNMAABW7n-I0uw&verifyHash=3d6859ee1d1c271d8e74de7db1c2c365cda2fb83
26 B
390 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAWykU67JNMAABW7n-I0uw&verifyHash=3d6859ee1d1c271d8e74de7db1c2c365cda2fb83
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.70 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-70.fra53.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 30 Sep 2019 20:46:13 GMT
Via
1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Connection
keep-alive
trace-id
9dedc9c865e16157
Content-Length
26
X-Amz-Cf-Id
M4XmjBuYviEa5EGivXZRr9rlBjc96paYSxnjTK1BTvnwQNhvuXYUQw==

Redirect headers

Date
Mon, 30 Sep 2019 20:46:13 GMT
Via
1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAWykU67JNMAABW7n-I0uw&verifyHash=3d6859ee1d1c271d8e74de7db1c2c365cda2fb83
Connection
keep-alive
trace-id
ee32ebc9cfea63a1
Content-Length
0
X-Amz-Cf-Id
mTWfMIiOsFwptLXSzF5fbctcNrDWjnkW67-LmEo4lNnT0n138Rh2Zg==
modules.6aea76fcad17f98bd75d.js
script.hotjar.com/
431 KB
73 KB
Script
General
Full URL
https://script.hotjar.com/modules.6aea76fcad17f98bd75d.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-620868.js?sv=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.84.99 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
Software
/
Resource Hash
e6798df5ccd72cf937ba8d54ecfa773673752f454a4346117f5728d2c649d2b3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
br
last-modified
Thu, 26 Sep 2019 16:28:13 GMT
status
200
etag
"767972bb05e43168de6c884c3cc14a3c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.027
section-io-origin-status
200
accept-ranges
bytes
section-io-id
7f8753c570030faa6bd4c14071eabaec
content-length
74033
wcm
www.googleadservices.com/pagead/conversion/1001993991/
67 B
187 B
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/1001993991/wcm?cl=zKOGCPX7n3QQh-7k3QM&fb=18772623473&callback=_callbacks____1a9qdso3b
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/impl-1_31.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f98.1e100.net
Software
cafe /
Resource Hash
39855e3e495b6eb2ede6e50de8dfa1f1350b8c5ac056a4e30b4bbb14f9804607
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
83
x-xss-protection
0
jot.html
platform.twitter.com/ Frame BBD0
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: www.armor.com
URL: https://www.armor.com/app/themes/armor-theme/js/dist/armor-footer.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B0) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Accept-Encoding
gzip, deflate, br
Cookie
personalization_id="v1_CghS1h2BA/Krv3D+viM+Sw=="
Upgrade-Insecure-Requests
1
Origin
https://www.armor.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 30 Sep 2019 20:46:13 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Mon, 09 Sep 2019 22:21:05 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40B0)
X-Cache
HIT
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Mon, 30 Sep 2019 20:46:13 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Mon, 30 Sep 2019 20:46:13 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_o
strict-transport-security
max-age=631138519
x-connection-hash
e5590d97a8efd119af07bd2c75291d24
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
117
x-transaction
00d8b1280075b383
x-tsa-request-body-time
0
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
box-90f3a29ef7448451db5af955688970d7.html
vars.hotjar.com/ Frame 4733
0
0
Document
General
Full URL
https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-620868.js?sv=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.83.125 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-6
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-90f3a29ef7448451db5af955688970d7.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/

Response headers

status
200
date
Mon, 30 Sep 2019 20:46:13 GMT
content-type
text/html
content-length
787
cache-control
max-age=31536000
content-encoding
br
last-modified
Mon, 12 Aug 2019 15:26:38 GMT
etag
"5ee1a7ca3792b75767626ba3f51572aa"
section-io-origin-status
200
section-io-origin-time-seconds
0.041
vary
Accept-Encoding
accept-ranges
bytes
section-io-id
f8f25deca270b2cc3512209a37f113ea
wcm
www.google.de/pagead/attribution/
47 B
193 B
Script
General
Full URL
https://www.google.de/pagead/attribution/wcm?cl=zKOGCPX7n3QQh-7k3QM&fb=18772623473&use_ssct=1&callback=_callbacks____2a7upr462
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/impl-1_31.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
b30f366c101d1383735174dca9c25479d7e756309211e02a03776dbd9dd9d621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
63
x-xss-protection
0
76669337
va.v.liveperson.net/api/js/
109 B
829 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/76669337?sid=tjG5PbGlQmeElVamDRCnEg&cb=lpCb9402x93747&t=pl&ts=1569876373159&pid=5678619068&tid=887844233&vid=NhZjU1M2JlNmRkZTRjYTIw
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
7ff3f68ffdec7788ab1352e1ad274b223c79080c1e97aba201ab3d6bac66a9ed

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
76669337
va.v.liveperson.net/api/js/
42 B
769 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/76669337?sid=tjG5PbGlQmeElVamDRCnEg&cb=lpCb75475x66436&t=uc&ts=1569876373278&pid=5678619068&tid=887844233&sdes=%5B%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22div-armor-marketing-chat-dev-1%22%7D%5D&vid=NhZjU1M2JlNmRkZTRjYTIw
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
268efe8c56d4c37dabeb2dc6f0f3928d8f7273d54751490ca478654c6396cffc

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
ei_track_all_packed.js
dn1f1hmdujj40.cloudfront.net/js/
8 KB
8 KB
Script
General
Full URL
https://dn1f1hmdujj40.cloudfront.net/js/ei_track_all_packed.js
Requested by
Host: web-analytics.engagio.com
URL: https://web-analytics.engagio.com/js/ei.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:e800:c:90ee:6000:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
69cbeb32415361b0f7a1885601c4ca9bbecfdddfd91497c348d1a0bc403dee66

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:43:39 GMT
via
1.1 e8b17f734954ee4d46d26cf302323482.cloudfront.net (CloudFront)
last-modified
Mon, 30 Sep 2019 18:57:18 GMT
age
154
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=300
x-amz-cf-pop
FRA53-C1
content-length
7719
x-amz-cf-id
SvFtnGIplDmbj-XwWio4I-DEtdZAPYO_qQEi3w8BmvwTcW891A18Ig==
inferredEvents.js
connect.facebook.net/signals/plugins/
35 KB
10 KB
Script
General
Full URL
https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.4
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
10218
x-xss-protection
0
pragma
public
x-fb-debug
SWNd0FCetcSXLJLy1EeNeXspXFlujki6A8qz3vcmmH5KtN3Ne+vwr4bPI+IH1wftZDn7pJA+YyVal5Jmitl0jg==
x-fb-trip-id
420120009
x-frame-options
DENY
date
Mon, 30 Sep 2019 20:46:13 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
249 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1831390643754598&ev=PageView&dl=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&rl=&if=false&ts=1569876373571&sw=1600&sh=1200&v=2.9.4&r=stable&ec=0&o=30&fbp=fb.1.1569876373570.377576787&it=1569876373255&coo=false&rqm=GET
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:13 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Mon, 30 Sep 2019 20:46:13 GMT
stat
web-analytics.engagio.com/api/
69 B
161 B
Script
General
Full URL
https://web-analytics.engagio.com/api/stat?page_url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&page_title=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&track_type=page&action=ei_view&category=ei_page_tracking&client_id=&account_id=b45ca0d1dad3d3e2b897c64896f66583404b99c4&method=post&callback=EI.api._callbacks.s3195643
Requested by
Host: dn1f1hmdujj40.cloudfront.net
URL: https://dn1f1hmdujj40.cloudfront.net/js/ei_track_all_packed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.86.245.217 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-86-245-217.compute-1.amazonaws.com
Software
/
Resource Hash
9f7dfcaa3439d40e48bb0d38ab8f59f7fd485dcc6c728f1375505c03c7c623ee

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 30 Sep 2019 20:46:13 GMT
content-length
69
vary
Origin
content-type
text/javascript; charset=utf-8
/
www.facebook.com/tr/ Frame B7E4
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJX6LN3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
3129
pragma
no-cache
cache-control
no-cache
origin
https://www.armor.com
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
accept-encoding
gzip, deflate, br
cookie
fr=0rAt845JcbyYjstur..BdkmmV...1.0.BdkmmV.
Origin
https://www.armor.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/

Response headers

status
200
content-type
text/plain
access-control-allow-origin
https://www.armor.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-length
0
server
proxygen-bolt
date
Mon, 30 Sep 2019 20:46:14 GMT
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5738928&Ver=2&mid=f06b0e75-0a6b-3197-3ae2-5166b3027f33&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Reading,%20Writing,%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&p=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&r=&lt=3441&evt=pageLoad&msclkid=N&rn=465781
Requested by
Host: www.armor.com
URL: https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Mon, 30 Sep 2019 20:46:13 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 2E361729E1A347C1AFB0AC434B644B4F Ref B: VIEEDGE0417 Ref C: 2019-09-30T20:46:14Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?time=1569876374173&pid=58768&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&fmt=js&s=1
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1569876374173%26pid%3D58768%26url%3Dhttps%253A%252F%252Fwww.armor.com%252Fthreat-intelligence%25...
  • https://px.ads.linkedin.com/collect/?time=1569876374173&pid=58768&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&fmt=js&s=1&liS...
0
111 B
Script
General
Full URL
https://px.ads.linkedin.com/collect/?time=1569876374173&pid=58768&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&fmt=js&s=1&liSync=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:119:50e1:105::6cae:b25 , United States, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:15 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-esv5
content-type
application/javascript
content-length
20
x-li-uuid
KgOk+z5SyRUgmnyrwyoAAA==

Redirect headers

date
Mon, 30 Sep 2019 20:46:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
vary
Accept-Encoding
content-length
20
x-li-uuid
le4w7j5SyRWAFqcQUisAAA==
server
Play
pragma
no-cache
x-li-pop
prod-edc2
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect/?time=1569876374173&pid=58768&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&fmt=js&s=1&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
index.html
js.driftt.com/deploy/assets/ Frame E5CE
0
0
Document
General
Full URL
https://js.driftt.com/deploy/assets/index.html
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1569876600000/dfiidzdnakp5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.21 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-21.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/deploy/assets/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
938
server
nginx
last-modified
Wed, 25 Sep 2019 17:06:50 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 30 Sep 2019 20:46:14 GMT
etag
"d206a06128bdad558a2d10ecc63f04d0"
cache-control
max-age=10
x-cache
Hit from cloudfront
via
1.1 1cc446ef4692d8e752b16c07f2f58a59.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
w6zFU2kM479ADpZcYu5pHU_6uasGsjvrbop7j355SNFDvmOPi9P8gg==
collect
www.google-analytics.com/
35 B
107 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&a=1284824706&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&ul=en-us&de=UTF-8&dt=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%20962257&_u=aHDAgEADQ~&jid=1112234548&gjid=399283218&cid=13806906.1569876373&tid=UA-435037-20&_gid=221141194.1569876373&gtm=2wg9i1WJX6LN3&z=426141201
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 24 Aug 2019 15:15:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
3216644
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&gjid=399283218&_gid=221141194.1569876373&_u=aHDAgEADQ~&z=855767277
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&_v=j79&z=855767277
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&_v=j79&z=855767277&slf_rd=1&random=3021254996
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&_v=j79&z=855767277&slf_rd=1&random=3021254996
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:16 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1112234548&_v=j79&z=855767277&slf_rd=1&random=3021254996
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
101 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&a=1284824706&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&ul=en-us&de=UTF-8&dt=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%20962257&_u=aHDAgEADQ~&jid=&gjid=&cid=13806906.1569876373&tid=UA-435037-20&_gid=221141194.1569876373&gtm=2wg9i1WJX6LN3&z=1867296282
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 24 Aug 2019 15:15:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
3216644
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
107 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&a=1284824706&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&ul=en-us&de=UTF-8&dt=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%20962257&_u=aHDAgEADQ~&jid=1346517224&gjid=1813421598&cid=13806906.1569876373&tid=UA-435037-20&_gid=221141194.1569876373&gtm=2wg9i1WJX6LN3&z=1628221604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 24 Aug 2019 15:15:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
3216645
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&gjid=1813421598&_gid=221141194.1569876373&_u=aHDAgEADQ~&z=185267055
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&_v=j79&z=185267055
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&_v=j79&z=185267055&slf_rd=1&random=2596038489
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&_v=j79&z=185267055&slf_rd=1&random=2596038489
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Sep 2019 20:46:17 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-435037-20&cid=13806906.1569876373&jid=1346517224&_v=j79&z=185267055&slf_rd=1&random=2596038489
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us
scout.us1.salesloft.com/
42 B
371 B
Image
General
Full URL
https://scout.us1.salesloft.com/us?type=tick&hitId=527130200&rand=864222120&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=Reading%2C%20Writing%2C%20and%20Ransomware%3A%20New%20Attacks%20Greet%20Students%20-%20Armor&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&sessionCount=2&hasWS=true&time=5517&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=4b9e8d23-52b7-4d2a-8c50-525d2f8453d9&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo5NDMxfQ.dr7gyFx8D1WAY1Fympf6QhebZ8MqN38xN6fqjM5fblw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.209.108 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-194-209-108.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:18 GMT
server
Cowboy
content-type
image/gif; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
42
x-request-id
2n4l4fsvnhbfmlq61gv0okc7
us
scout.us1.salesloft.com/
42 B
371 B
Image
General
Full URL
https://scout.us1.salesloft.com/us?type=tick&hitId=527130200&rand=1442916060&monitorResolution=1600x1200&viewportResolution=1600x1200&pageTitle=(1)%20New%20Message!&url=https%3A%2F%2Fwww.armor.com%2Fthreat-intelligence%2Freading-writing-and-ransomware-new-attacks-greet-students%2F&sessionCount=3&hasWS=true&time=10517&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36&guid=4b9e8d23-52b7-4d2a-8c50-525d2f8453d9&tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo5NDMxfQ.dr7gyFx8D1WAY1Fympf6QhebZ8MqN38xN6fqjM5fblw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.209.108 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-194-209-108.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:23 GMT
server
Cowboy
content-type
image/gif; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
42
x-request-id
2n4l4g68utu4qlq61gv0osd7
76669337
va.v.liveperson.net/api/js/
73 B
800 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/76669337?sid=tjG5PbGlQmeElVamDRCnEg&cb=lpCb63060x90438&t=ip&ts=1569876383508&pid=5678619068&tid=887844233&vid=NhZjU1M2JlNmRkZTRjYTIw
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/76669337/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
5eac7334c2ab8d92c1e1d9abd1272d04392000ac3c2460b8527c4b7599362a68

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.armor.com/threat-intelligence/reading-writing-and-ransomware-new-attacks-greet-students/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 30 Sep 2019 20:46:23 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
simple-banner.glitch.me
URL
https://simple-banner.glitch.me/hostname
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=https%3A%2F%2Fwww.armor.com&site=76669337&env=prod

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| _wpemojiSettings function| $ function| jQuery undefined| oldgs object| punchgs object| _gsScope undefined| oldgs_queue undefined| GreenSockGlobals undefined| _gsQueue object| xhr object| a2a_config function| setREVStartSize object| dataLayer function| twq object| truste object| twttr object| a2a string| sbiajaxurl object| tribe_l10n_datatables function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| twemoji object| wp object| tribe object| lpTag function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin string| SLScoutObject function| slscout object| socTrack object| MktoForms2 object| MunchkinTracker function| _typeof object| proxyless object| lpMTagConfig function| runMain boolean| ctf_js_exists function| jsSHA function| cookie object| html5 function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry object| jQuery112404300501783112647 object| Bizible object| BizTrackingA object| BizA function| __twttrll object| __twttr object| fp_utils function| fullpage undefined| projectId object| mtiTracking function| hj object| _hjSettings object| google_tag_manager string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady function| fbq function| _fbq string| _linkedin_data_partner_id function| _googWcmImpl string| _googWcmAk function| _googWcmGet object| uetq function| drift function| driftt object| _eiq object| _engagio_settings object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| __extends object| Demandbase object| __db function| DBSegment object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| google_optimize function| _googWccDebug object| _vis_opt_queue object| __core-js_shared__ boolean| __DRIFTT_WIDGET_INCLUDED__ boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__ string| google_wcc_status object| EI object| pre_loader object| urlParams function| UET function| _bizo_local_logger function| _bizo_fire_partners boolean| _bizo_main_already_called

22 Cookies

Domain/Path Name / Value
.armor.com/ Name: _fbp
Value: fb.1.1569876373570.377576787
www.armor.com/ Name: gwcc
Value: %7B%22fallback%22%3A%2218772623473%22%2C%22clabel%22%3A%22zKOGCPX7n3QQh-7k3QM%22%2C%22backoff%22%3A86400%2C%22backoff_expires%22%3A1569962773%7D
.armor.com/ Name: _hjid
Value: db551315-b50d-420c-9b27-41f0736cd9f8
.armor.com/ Name: LPSID-76669337
Value: tjG5PbGlQmeElVamDRCnEg
.armor.com/ Name: _biz_pendingA
Value: %5B%5D
www.armor.com/ Name: slirequested
Value: true
.armor.com/ Name: _dc_gtm_UA-435037-20
Value: 1
www.armor.com/ Name: driftt_aid
Value: 3d4c0c6f-bac2-4a34-a51d-562d224d90dc
.armor.com/ Name: _gid
Value: GA1.2.221141194.1569876373
.armor.com/ Name: _ga
Value: GA1.2.13806906.1569876373
.armor.com/ Name: ei_client_id
Value: 5d926995ff75eb0010fafffc
.armor.com/ Name: _biz_nA
Value: 2
.twitter.com/ Name: personalization_id
Value: "v1_CghS1h2BA/Krv3D+viM+Sw=="
www.armor.com/ Name: sliguid
Value: 4b9e8d23-52b7-4d2a-8c50-525d2f8453d9
www.armor.com/ Name: slireg
Value: https://scout.us1.salesloft.com
.armor.com/ Name: _biz_uid
Value: f717c04b56524e679427ccc6b2ede58b
.armor.com/ Name: LPVID
Value: NhZjU1M2JlNmRkZTRjYTIw
.armor.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.armor.com/ Name: _mkto_trk
Value: id:381-KPD-482&token:_mch-armor.com-1569876372705-32772
www.armor.com/ Name: d-a8e6
Value: 3c5af872-ad86-41be-8a1d-976c20ae8df9
.armor.com/ Name: _biz_sid
Value: 187bb
www.armor.com/ Name: s-9da4
Value: 4d7ed14b-ab3f-444f-8df8-0332d9e273e8

1 Console Messages

Source Level URL
Text
console-api log URL: https://www.armor.com/wp/wp-includes/js/jquery/jquery-migrate.min.js(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

381-kpd-482.mktoresp.com
accdn.lpsnmedia.net
analytics.twitter.com
api.company-target.com
bat.bing.com
cdn-public.sociabble.com
cdn.armor.com
cdn.bizible.com
connect.facebook.net
consent.trustarc.com
d1acp2n11z40zw.cloudfront.net
dn1f1hmdujj40.cloudfront.net
fast.fonts.net
js.driftt.com
lpcdn.lpsnmedia.net
lptag.liveperson.net
match.prod.bidr.io
munchkin.marketo.net
platform.twitter.com
px.ads.linkedin.com
scout-cdn.salesloft.com
scout.salesloft.com
scout.us1.salesloft.com
script.hotjar.com
segments.company-target.com
simple-banner.glitch.me
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.demandbase.com
use.fontawesome.com
va.v.liveperson.net
vars.hotjar.com
vidassets.terminus.services
web-analytics.engagio.com
www.armor.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
lpcdn.lpsnmedia.net
simple-banner.glitch.me
104.244.42.131
104.244.42.133
104.244.42.72
13.32.158.139
13.32.158.236
13.32.158.252
143.204.214.21
143.204.214.70
147.75.32.75
147.75.83.125
147.75.84.99
151.101.12.157
172.217.22.98
178.249.101.23
184.31.84.223
192.229.221.91
192.28.147.68
2001:4860:4802:38::75
208.89.12.87
23.111.9.35
23.111.9.64
23.20.175.25
2600:9000:214f:800:1a:86d5:4300:93a1
2600:9000:214f:e800:c:90ee:6000:21
2606:2800:234:59:254c:406:2366:268c
2606:2800:234:660:118e:28f:1d8a:2522
2606:4700:10::6814:6e27
2620:119:50e1:105::6cae:b25
2620:119:50e4:101::6cae:b51
2620:1ec:c11::200
2a00:1450:4001:814::2008
2a00:1450:4001:815::200e
2a00:1450:4001:816::2003
2a00:1450:4001:819::2003
2a00:1450:400c:c0c::9d
2a02:26f0:6c00:296::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a03:6400:10:0:178:249:97:98
2a03:6400:10:0:178:249:97:99
34.194.209.108
52.204.14.45
52.211.150.253
52.31.85.24
54.86.245.217
93.184.220.178
04214d71c2c8c35d5404fbb0f096cb7c3bf17a1dfaf10587a7716de9dc0071a5
04f6fe75ea746ef6eccc7e329feb9a6d010cb9223d984fb5492a3fb6d2d79709
06d6e10886ed7de5561acab1935bce1c46174baa9cbd0bcb319aa3b69594131f
079b03a5c4fac8e8f958095e9954f8072cde83d6eef64f01ea73c3c7e47f382c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177
159dff3bd530baa20e57738b0d8c87e8b3e38d8d58ba6ef85784f0e6fd6e02e2
18bc19ed74bee962fa99f71813ef5d290cb481e211cce34e9c7279f04a808f74
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e6f7b22b807f132cd56bd7f8d8d19f6555eb47ef10770812c8b9525e2608fe0
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
24bdf22b6e237ff6f00bdb08bfd0b80f50dd9dbedaba96880c2de544082e1c30
268efe8c56d4c37dabeb2dc6f0f3928d8f7273d54751490ca478654c6396cffc
27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710
27f1894b4c226d8d37278433ff3dd2e448cb877d2cbe818d189fc905195d3422
2fb2b3c269ca19ba745baa2009ae65de9762077a94d97ffb30b647aae435e328
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
31ff9f3df32472b67536a2fab76a4032e5de477ea644a9f2153c4d4d263d5ef3
34119901f74b4d927c3b3ac787f1b99819174e6308ad5d4cb05ba5409cb5ffa5
345a4178b63432c1976d4d5601c44822394e6caddcfbac6d54e26f5e1438c401
34d46b50dff8e2640fc5a4ff05dbe0eaee6070796e21c1cef4428b64790408dc
35c00684c2c2e63c4b0bbccc35fd2f2fd96db731d128fd4e1144e0f6c39617fc
39855e3e495b6eb2ede6e50de8dfa1f1350b8c5ac056a4e30b4bbb14f9804607
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
42f08d3fd1152d7c7ae15257b5ff78097c45ee0aca2f76d2927a1115ebad9771
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4ad5ac7ac169c38946be3696e837917de65d3f44f2c5ba250622ea7b478bc0a2
4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
4ca6b213241815a702f4bcc48945ea383cb8b32ef60547bdb4436b4b6cab420a
55c98973ad75643b7fa9abeb6f381973b66f764386538e8fd7e16b3f969d2f31
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
585107ada7f42329cd4d6ab1d1e87fdf26f4994e8f47d72a44ee8ab5bd291288
596107120d4e37fdd432fd77b9a35ed8cd715d8f0d8143c579c57d3e58282c57
59db4fc2e567cbd99248cd95d76afc2f2ef1f89bd38fbbe19731943bb8c9e6c9
5eac7334c2ab8d92c1e1d9abd1272d04392000ac3c2460b8527c4b7599362a68
606aeba72580863b6f94f94a6b9d4bda72f17ff65e4adb951356d2a7f545707e
6301fb61e4d37e04e0957e1f5063311f2b3d10c4935f6ce9783b276302b4a650
64c85e8b3d558b7ced2ce4d184dafd88b8dda0cfb0f388a06a7ff3e8f34841d8
69cbeb32415361b0f7a1885601c4ca9bbecfdddfd91497c348d1a0bc403dee66
6d8f15a09867ac073e71fee08dcc22f0ff9d96ad780f087b551330fb1644e2db
756df835cdc3e6d51abfaa6f2cd0d48a3430e2bcc2c12566e06dc79f3ba4ff74
794b7354ed6d515c822a9a56d49cb17c5a9368cf53981afcccf71ac46f2a3c74
7ff3f68ffdec7788ab1352e1ad274b223c79080c1e97aba201ab3d6bac66a9ed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
852d6ef7e1f541e29805a611f49b52f6ecb7a47679e966c9264db3c177234ba6
86c47df0704a55ff8824483a2d32a37d567284baa4ba9ab7fb1658d9bc99cc02
8bfc10f52a88db2b9548f9cc4dbc460b0570b6f795e84b0f4e429c421ea2b03d
913a3f25ba97c8a460a43b102797892f4c25de461b2c321d2153dd03e8f5eb87
91f45811a83ee1bd3005eb6df52ef0bf69c1ee66ce0a3b812bc1fbca392473ee
958bb1007d69f98adfd7f7966d348275f35329d7c23d91d6fb7d660d04afdb8f
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9aa055cbe7c764897a958cd811778a8cb90da3de1842e10315760672bf8792d3
9c18c7ff5ed9693b334bd4dd33a23c67c29b4a078649d8dcfbf4f79f1b10d34c
9de999e7d4aa267a5acee4a0aed70ae6df10838613e9627a97a63cf47feb173e
9f7dfcaa3439d40e48bb0d38ab8f59f7fd485dcc6c728f1375505c03c7c623ee
a1dad966d318bac62d305a0e05f1b047ed9575c9a7a086041ad24fa920cc6b7d
a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8
a2b822bab96a6e095c7309930ececb5c93c84a4f87be1698189c623c8d6e0579
a451f2564c4d093f17562cec045ad8d57dc5ff438a1b7f5831a958e69c962e58
a7270152c4aeda08b74c5adccd10e8dd2769d47fd98a924ba3c4b0e48b7e7a60
a9dd0f77a1fdf32bbcef1290f2057b766ad14033b53adb959d3017b2f69b07c3
ac3eabbaf8163e35b29458577bf04ff6d9e254b69dab0130d242edf69d29b8ec
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad547fb00dd0ab5dcb0eb6da78dd1958de5ea07130c4a660a277b712ebda02ac
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b30f366c101d1383735174dca9c25479d7e756309211e02a03776dbd9dd9d621
b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b
b5443203a86a9d8b802b2378c6458dffeb7f29ad991e105e69ca03bb74693e68
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c2944cd18afec08747955222976eba2eea19258b6e2ede5bb11d8cb106647e4c
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e
cf7a610c11489bfce177c3c71c5c7aec7101b1ba754d3d2aacc9636fc046c3b6
d8e3d639b5446534fbec951b583b6eb37962a4e82fd4c6c1ff6ca3534de3eb0d
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dca2a46c726b75d682229527df890e8ff2a8a63ed1b59a9f749335f6aa315724
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df7777f8816097b3357295bc1803dfcc996e97257148bfb010c86cc57389e8f8
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6798df5ccd72cf937ba8d54ecfa773673752f454a4346117f5728d2c649d2b3
e79e7268e259af85b71a208d363aed33c81e00e448cfeb7f26e2eb21b5672dd2
e7d6ff44c58978483c195976a872481f5f7e3dad18d3c1d735a6f227b388768a
e96cfe81431ab0c70414bc65dd83d59ada01405419c8faca900637fdfffdd48b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
f944c3a1f60283099f5ed2983bbd16132f41d272a7c433435fa658e08e5a8aa1
fc71dde0fa1f3434b18e014866b9484f577bc34c8ea80155e0039fe041419fa6
fda9e98004dfb48d2ef7a9c8a2532d83e7d70d246788f99ece81443e8a96db79
fef8fef048ab1f54f2be1a96a9656c88028d9fe18b433b5952453dff5d3ec3e7