www.scmagazine.com Open in urlscan Pro
52.202.3.162 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cyb...
Submission: On January 15 via manual (January 15th 2019, 1:25:29 pm UTC) from US

Summary HTTP 165 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 30 IPs in 4 countries across 24 domains to perform 165 HTTP transactions. The main IP is 52.202.3.162, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.scmagazine.com.
TLS certificate: Issued by Trusted Secure Certificate Authority 5 on September 6th 2018. Valid for: a year.

This is the only time www.scmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	52.202.3.162 52.202.3.162	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
18	94.31.29.64 94.31.29.64	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
2	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a00:1450:400... 2a00:1450:4001:81a::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81f::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20b... 2600:9000:20bb:fe00:1b:fadc:b780:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	52.216.163.165 52.216.163.165	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
10	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	151.101.120.134 151.101.120.134	54113 (FASTLY) (FASTLY - Fastly)
63	2606:4700:20:... 2606:4700:20::6819:5465	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 5	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.35.254.31 13.35.254.31	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2600:1f14:cc5... 2600:1f14:cc5:8001:d778:4025:9131:ad36	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a02:26f0:eb:... 2a02:26f0:eb:3b3::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:20b... 2600:9000:20bb:ee00:18:1fcd:348:2461	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	204.2.197.202 204.2.197.202	1422 (MEDIA6-ASN) (MEDIA6-ASN - Media6degrees)
2	38.126.130.202 38.126.130.202	1422 (MEDIA6-ASN) (MEDIA6-ASN - Media6degrees)
5	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	34.193.242.172 34.193.242.172	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	2606:4700::68... 2606:4700::6810:50a6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY - Fastly)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	35.227.192.113 35.227.192.113	15169 (GOOGLE) (GOOGLE - Google LLC)
2 7	2600:1f14:cc5... 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 3	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2620:109:c002... 2620:109:c002::6cae:a0a	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	13.35.253.54 13.35.253.54	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 4	2600:1f14:cc5... 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81e::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
165	30

17 52.202.3.162 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-202-3-162.compute-1.amazonaws.com

www.scmagazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 94.31.29.64 (United Kingdom)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
PTR: 94.31.29.64.IPYX-077437-ZYO.above.net

3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81a::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20bb:fe00:1b:fadc:b780:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

content.maropost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.216.163.165 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:817::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.120.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

scmagazineus.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

63 2606:4700:20::6819:5465 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81a::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.254.31 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-254-31.fra6.r.cloudfront.net

dnn506yrbagrg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f14:cc5:8001:d778:4025:9131:ad36 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:eb:3b3::25ea (European Union)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20bb:ee00:18:1fcd:348:2461 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.2.197.202 (Englewood, United States) 2 redirects

ASN1422 (MEDIA6-ASN - Media6degrees, US)
PTR: action-e.pipelane.net

action.dstillery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 38.126.130.202 (United States)

ASN1422 (MEDIA6-ASN - Media6degrees, US)
PTR: action-s.pipelane.net

action.media6degrees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:816::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.193.242.172 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-193-242-172.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:50a6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.192.113 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 113.192.227.35.bc.googleusercontent.com

api.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6 (United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api-34-222-245-10.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:10:101::b93f:9105 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:109:c002::6cae:a0a (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.54 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-54.fra6.r.cloudfront.net

media.scmagazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d (United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api-52-12-92-209.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	lytics.io c.lytics.io api.lytics.io	53 KB
18	netdna-ssl.com 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com	207 KB
18	scmagazine.com www.scmagazine.com media.scmagazine.com	2 MB
14	b2c.com 3 redirects api.b2c.com api-34-222-245-10.b2c.com api-52-12-92-209.b2c.com	18 KB
11	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net	96 KB
6	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	224 KB
5	google-analytics.com 1 redirects www.google-analytics.com	32 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	1 KB
4	googletagservices.com www.googletagservices.com	65 KB
3	disquscdn.com c.disquscdn.com	199 KB
3	disqus.com scmagazineus.disqus.com disqus.com	26 KB
3	gstatic.com fonts.gstatic.com	42 KB
3	amazonaws.com s3.amazonaws.com	568 KB
2	media6degrees.com action.media6degrees.com	616 B
2	dstillery.com 2 redirects action.dstillery.com	760 B
2	google.com 1 redirects adservice.google.com www.google.com	679 B
2	google.de adservice.google.de www.google.de	599 B
2	googleapis.com fonts.googleapis.com	976 B
1	chartbeat.net ping.chartbeat.net	168 B
1	chartbeat.com static.chartbeat.com	14 KB
1	licdn.com snap.licdn.com	5 KB
1	cloudfront.net dnn506yrbagrg.cloudfront.net	27 KB
1	maropost.com content.maropost.com	3 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
165	24

	Domain	Requested by
63	c.lytics.io	3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com c.lytics.io www.scmagazine.com
18	3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com	www.scmagazine.com 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
17	www.scmagazine.com	www.scmagazine.com 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.scmagazine.com
7	api-34-222-245-10.b2c.com	2 redirects www.scmagazine.com
5	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.scmagazine.com
5	www.google-analytics.com	1 redirects www.googletagmanager.com www.google-analytics.com www.scmagazine.com
4	api-52-12-92-209.b2c.com	1 redirects www.scmagazine.com
4	www.googletagservices.com	www.scmagazine.com securepubads.g.doubleclick.net
3	px.ads.linkedin.com	2 redirects www.scmagazine.com
3	c.disquscdn.com	scmagazineus.disqus.com
3	api.b2c.com	www.googletagmanager.com securepubads.g.doubleclick.net
3	fonts.gstatic.com	www.scmagazine.com 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
3	s3.amazonaws.com	www.scmagazine.com
2	api.lytics.io	c.lytics.io 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
2	action.media6degrees.com	www.scmagazine.com
2	action.dstillery.com	2 redirects
2	scmagazineus.disqus.com	3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
2	fonts.googleapis.com	www.scmagazine.com
1	pagead2.googlesyndication.com
1	media.scmagazine.com	www.scmagazine.com
1	www.linkedin.com	1 redirects
1	www.google.de	www.scmagazine.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	disqus.com	scmagazineus.disqus.com
1	ping.chartbeat.net	www.scmagazine.com
1	static.chartbeat.com	www.scmagazine.com
1	snap.licdn.com	www.scmagazine.com
1	dnn506yrbagrg.cloudfront.net	www.googletagmanager.com
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	content.maropost.com	www.scmagazine.com
1	www.googletagmanager.com	www.scmagazine.com
165	34

This site contains links to these domains. Also see Links.

Domain
risksecconference.com
www.scmagazineuk.com
resourcelibrary.scmagazine.com
twitter.com
www.facebook.com
www.linkedin.com
plus.google.com
reddit.com
www.crowdstrike.com
www.fireeye.com
blog.kryptoslogic.com
securingtomorrow.mcafee.com
www.youtube.com
media.scmagazine.com
subscribe.haymarketmedia.com

Subject Issuer	Validity	Valid
*.scmagazine.com Trusted Secure Certificate Authority 5	`2018-09-06` - `2019-09-06`	a year	crt.sh
*.netdna-ssl.com COMODO RSA Domain Validation Secure Server CA	`2018-02-28` - `2019-02-28`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
content.maropost.com Amazon	`2018-10-25` - `2019-11-25`	a year	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2018-12-03` - `2019-10-25`	a year	crt.sh
*.google.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
ssl379818.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-24` - `2019-07-02`	6 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
*.b2c.com Go Daddy Secure Certificate Authority - G2	`2016-03-24` - `2019-03-24`	3 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2016-02-16` - `2019-04-17`	3 years	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2018-04-02` - `2019-04-18`	a year	crt.sh
dstillery.com COMODO RSA Domain Validation Secure Server CA	`2018-01-18` - `2021-04-17`	3 years	crt.sh
tpc.googlesyndication.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2018-12-20` - `2020-01-01`	a year	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-10-07` - `2019-04-15`	6 months	crt.sh
www.google.de Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.lytics.io RapidSSL TLS RSA CA G1	`2018-01-26` - `2020-01-06`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
scmagazine.com Amazon	`2018-11-08` - `2019-12-08`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Frame ID: 5E55E98CD1E145D25B66AA125400CB66
Requests: 146 HTTP requests in this frame

Frame: https://api.lytics.io/api/me/iframe/8514ca3b54284ee6e75983f95ff7262a/_uid/61738d628ea6913c4f8bd59a49e57964?segments=true&mergestate=true&ts=1547558712804
Frame ID: F6A156B3BAE1BA2D53C16810452E4698
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20190109/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 2E8320D25A04BF421F48BB359593AF4C
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20190109/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 9A568614AD0C4AA90DB1AA49B38D0318
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast/i

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /chartbeat\.js/i
env /^_sf_(?:endpt|async_config)$/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^CE2$/i

Disqus (Comment Systems) Expand

Overall confidence: 100%
Detected patterns

env /^DISQUS/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
env /^googletag$/i
env /^google_tag_manager$/i

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^optimizely$/i

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^twemoji$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

webpack (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^webpackJsonp$/i

Page Statistics

165
Requests

98 %
HTTPS

64 %
IPv6

24
Domains

34
Subdomains

30
IPs

4
Countries

3467 kB
Transfer

5370 kB
Size

25
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://risksecconference.com/
Title: RiskSec 2019

Search URL Search Domain Scan URL

URL: https://www.scmagazineuk.com/
Title: SC UK

Search URL Search Domain Scan URL

URL: https://resourcelibrary.scmagazine.com/
Title: Resource Library

Search URL Search Domain Scan URL

URL: https://twitter.com/bbb1216bbb
Title: Follow @bbb1216bbb

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/&text=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans;%20suspicions%20shift%20to%20cybercriminal%20group
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Title: Share on GooglePlus

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/&title=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans;%20suspicions%20shift%20to%20cybercriminal%20group
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
Title: Crowdstrike

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html
Title: FireEye

Search URL Search Domain Scan URL

URL: https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html
Title: Kryptos Logic

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-ransomware-attack-rush-to-attribution-misses-the-point/
Title: McAfee Labs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SCMag/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/scmagazine
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/scmediaus/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SCMagazineUS
Title:

Search URL Search Domain Scan URL

URL: https://media.scmagazine.com/documents/356/edit_calendar_2018-2019_(1)_88909.pdf
Title: Editorial Calendar

Search URL Search Domain Scan URL

URL: https://subscribe.haymarketmedia.com/sub/?p=SCM&f=new
Title: Subscribe

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://action.dstillery.com/orbserv/nspix?adv=cl1024098&ns=2939&nc=CA_Technologies_SC_Readers&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount] HTTP 302
https://action.media6degrees.com/orbserv/nspix?adv=cl1024098&ns=2939&nc=CA_Technologies_SC_Readers&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]

Request Chain 44

https://action.dstillery.com/orbserv/nspix?adv=cl1023384&ns=2890&nc=ForcePoint_SC_Readers_Extended_Network&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount] HTTP 302
https://action.media6degrees.com/orbserv/nspix?adv=cl1023384&ns=2890&nc=ForcePoint_SC_Readers_Extended_Network&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]

Request Chain 55

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=138247600&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&ul=en-us&de=UTF-8&dt=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group%20%7C%20SC%20Media&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAAAADQ~&jid=85174195&gjid=269044710&cid=623046801.1547558713&tid=UA-1290429-10&_gid=1968946447.1547558713&_r=1&gtm=2wgbc0W475TQW&cd1=91903%3A0&cd2=&cd3=&cd4=85&cd5=post&cd6=&cd7=home&cd8=news&cd9=ryuk%20ransomware%20linked%20to%20emotet%20and%20trickbot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group&cd11=omn&cd12=76&cd14=false&cd15=false&cd16=false&cd17=&cd18=0&cd19=&cd31=&cd32=&cd33=&cd34=Bradley%20Barth&cd35=News&cd36=&cd37=undefined&cd38=undefined&cd39=undefined&cd40=&cd41=&cd42=&cd43=&cd46=&cd48=&cd50=&cd55=&cd56=11&cd57=&cd58=&cd61=false&cd62=01%2F12%2F2019&cd63=536&cd67=undef&cd70=false&z=2048006006 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_gid=1968946447.1547558713&gjid=269044710&_v=j72&z=2048006006 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_v=j72&z=2048006006 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_v=j72&z=2048006006&slf_rd=1&random=195996872

Request Chain 123

https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1547558713221%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%252F%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 124

https://api-34-222-245-10.b2c.com/api/x?684heTeBhPjYyTIg$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3J5dWstcmFuc29td2FyZS1saW5rZWQtdG8tZW1vdGV0LWFuZC10cmlja2JvdC10cm9qYW5zLXN1c3BpY2lvbnMtc2hpZnQtdG8tY3liZXJjcmltaW5hbC1ncm91cC8iLCJyZWZlcnJlciQwJCIsImFuY2VzdG9yT3JpZ2lucyQwJCIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQwIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDEiLCJ3aW5kb3ckMCQxNTg1eDEyMDAiLCJpbm5lciQwJDE2MDB4MTIwMCIsIm91dGVyJDAkMTYwMHgxMjAwIiwibG9jYWxTdG9yYWdlJDAkRXJyb3I6IFR5cGVFcnJvcjogQ2Fubm90IHJlYWQgcHJvcGVydHkgJ3NldEl0ZW0nIG9mIG51bGwiLCJzZXNzaW9uU3RvcmFnZSQxJDEiLCJhcHBDb2RlTmFtZSQxJE1vemlsbGEiLCJhcHBOYW1lJDEkTmV0c2NhcGUiLCJhcHBWZXJzaW9uJDEkNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzEzXzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82Ny4wLjMzOTYuODcgU2FmYXJpLzUzNy4zNiIsImNvb2tpZUVuYWJsZWQkMSR0cnVlIiwiZG9Ob3RUcmFjayQxJCIsImhhcmR3YXJlQ29uY3VycmVuY3kkMSQ4IiwibGFuZ3VhZ2UkMSRlbi1VUyIsInBsYXRmb3JtJDEkTGludXggeDg2XzY0IiwicHJvZHVjdCQxJEdlY2tvIiwicHJvZHVjdFN1YiQxJDIwMDMwMTA3Iiwic2VuZEJlYWNvbiQxJDEiLCJ1c2VyQWdlbnQkMSRNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM181KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjcuMC4zMzk2Ljg3IFNhZmFyaS81MzcuMzYiLCJ2ZW5kb3IkMSRHb29nbGUgSW5jLiIsInZlbmRvclN1YiQxJCIsImZvbnRyZW5kZXIkMiQxIiwid2ViZ2wkMiRuL2EiLCJ0aW1lJDMkMTU0NzU1ODcxMzA0MCIsInRpbWV6b25lJDMkMCIsInBsdWdpbnMkMyROb25lIiwibWVtLXRvdGFsSlNIZWFwU2l6ZSQzJDE2LjA2NTQxNiIsIm1lbS11c2VkSlNIZWFwU2l6ZSQzJDExLjkzNDYiLCJtZW0tanNIZWFwU2l6ZUxpbWl0JDMkMjIxNy44NTc5ODgiLCJ0aW1lLWRvbWFpbkxvb2t1cFN0YXJ0JDMkMSIsInRpbWUtZG9tYWluTG9va3VwRW5kJDMkNjUiLCJ0aW1lLWNvbm5lY3RTdGFydCQzJDY1IiwidGltZS1jb25uZWN0RW5kJDMkMjg0IiwidGltZS1zZWN1cmVDb25uZWN0aW9uU3RhcnQkMyQxNzEiLCJ0aW1lLXJlcXVlc3RTdGFydCQzJDI4NCIsInRpbWUtcmVzcG9uc2VTdGFydCQzJDUwMCIsInRpbWUtcmVzcG9uc2VFbmQkMyQ1MDEiLCJ0aW1lLWRvbUxvYWRpbmckMyQ1MDYiLCJ0aW1lLWRvbUludGVyYWN0aXZlJDMkNzU3IiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDMkMCIsIm5hdmlnYXRpb24tdHlwZSQzJG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDYkMC40IiwiZ2xvYmFscyQ3JGYzNGVmZDk5IiwiZG9jdW1lbnQtdGltZSQxMCQwLjQiLCJkb2N1bWVudCQxMCQ0MDNkYjVjNiIsImNvbm5lY3Rpb24kMTAkIiwiZG93bmxpbmtNYXgkMTAkIiwiZ2V0VXNlck1lZGlhJDEwJDIiLCJjbG9jayQxNSQ0Nzc0IiwiYmF0dGVyeSQxNiQxIDEgMCBJbmZpbml0eSIsImludGVyc2VjdGlvbi1zaXplJDE4JDE1ODV4MTIwMCIsImludGVyc2VjdGlvbiQxOCQ0MyIsImF1ZGlvY29udGV4dCQyMiQ5NmUxNGJlZiIsInNvcnQkNTAkMTMiLCJmcmFtZXJhdGUkMTI2JDkw HTTP 302
https://api-34-222-245-10.b2c.com:444/api/4?684heTeBhPjYyTIg

Request Chain 158

https://api-52-12-92-209.b2c.com/api/x?80pVQvgnfEYnSP4T$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3J5dWstcmFuc29td2FyZS1saW5rZWQtdG8tZW1vdGV0LWFuZC10cmlja2JvdC10cm9qYW5zLXN1c3BpY2lvbnMtc2hpZnQtdG8tY3liZXJjcmltaW5hbC1ncm91cC8iLCJyZWZlcnJlciQwJCIsImFuY2VzdG9yT3JpZ2lucyQwJGh0dHBzOi8vd3d3LnNjbWFnYXppbmUuY29tIiwidmlkZW8kMCQxNjAweDEyMDB4MjQiLCJmcmFtZSQwJDEiLCJoaWRkZW4kMCQwIiwidmlzaWJpbGl0eVN0YXRlJDAkdmlzaWJsZSIsImhhc0ZvY3VzJDAkMCIsIndpbmRvdyQwJDcyOHg5MCIsImlubmVyJDAkNzI4eDkwIiwib3V0ZXIkMSQxNjAweDEyMDAiLCJsb2NhbFN0b3JhZ2UkMSRFcnJvcjogVHlwZUVycm9yOiBDYW5ub3QgcmVhZCBwcm9wZXJ0eSAnc2V0SXRlbScgb2YgbnVsbCIsInNlc3Npb25TdG9yYWdlJDEkMSIsImFwcENvZGVOYW1lJDEkTW96aWxsYSIsImFwcE5hbWUkMSROZXRzY2FwZSIsImFwcFZlcnNpb24kMSQ1LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTNfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzY3LjAuMzM5Ni44NyBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQxJHRydWUiLCJkb05vdFRyYWNrJDEkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQxJDgiLCJsYW5ndWFnZSQxJGVuLVVTIiwicGxhdGZvcm0kMSRMaW51eCB4ODZfNjQiLCJwcm9kdWN0JDEkR2Vja28iLCJwcm9kdWN0U3ViJDEkMjAwMzAxMDciLCJzZW5kQmVhY29uJDEkMSIsInVzZXJBZ2VudCQxJE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzEzXzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82Ny4wLjMzOTYuODcgU2FmYXJpLzUzNy4zNiIsInZlbmRvciQxJEdvb2dsZSBJbmMuIiwidmVuZG9yU3ViJDEkIiwiZm9udHJlbmRlciQyJDEiLCJ3ZWJnbCQzJG4vYSIsInRpbWUkMyQxNTQ3NTU4NzEzNTQ3IiwidGltZXpvbmUkMyQwIiwicGx1Z2lucyQzJE5vbmUiLCJtZW0tdG90YWxKU0hlYXBTaXplJDMkMjcuMjA3NDU2IiwibWVtLXVzZWRKU0hlYXBTaXplJDMkMjAuMjUyNjgiLCJtZW0tanNIZWFwU2l6ZUxpbWl0JDMkMjIxNy44NTc5ODgiLCJ0aW1lLXJlc3BvbnNlRW5kJDMkMTUiLCJ0aW1lLWRvbUxvYWRpbmckMyQxNiIsInRpbWUtZG9tSW50ZXJhY3RpdmUkMyQxNiIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50U3RhcnQkMyQxNiIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50RW5kJDMkMTYiLCJ0aW1lLWRvbUNvbXBsZXRlJDMkMTYiLCJ0aW1lLWxvYWRFdmVudFN0YXJ0JDMkMTYiLCJ0aW1lLWxvYWRFdmVudEVuZCQzJDE2IiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDMkMCIsIm5hdmlnYXRpb24tdHlwZSQzJG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDgkMC43IiwiZ2xvYmFscyQ4JGYzNGVmZDk5IiwiZG9jdW1lbnQtdGltZSQxMiQwLjQiLCJkb2N1bWVudCQxMyQ0MDNkYjVjNiIsImNvbm5lY3Rpb24kMTMkIiwiZG93bmxpbmtNYXgkMTMkIiwiZ2V0VXNlck1lZGlhJDEzJDIiLCJjbG9jayQxOCQ0MTE5IiwiaW50ZXJzZWN0aW9uLXNpemUkMjMkMTU4NXgxMjAwIiwiaW50ZXJzZWN0aW9uLWVudGVyJDIzJDAuNXgwIDcyOHgwIiwiaW50ZXJzZWN0aW9uJDIzJDEwMCIsImJhdHRlcnkkMjMkMSAxIDAgSW5maW5pdHkiLCJhdWRpb2NvbnRleHQkMjYkOTZlMTRiZWYiLCJzb3J0JDU0JDE0IiwiZnJhbWVyYXRlJDExOCQ4MA HTTP 302
https://api-52-12-92-209.b2c.com:444/api/4?80pVQvgnfEYnSP4T

Request Chain 160

https://api-34-222-245-10.b2c.com/api/x?H6nTraLOzwaiUdWw$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3J5dWstcmFuc29td2FyZS1saW5rZWQtdG8tZW1vdGV0LWFuZC10cmlja2JvdC10cm9qYW5zLXN1c3BpY2lvbnMtc2hpZnQtdG8tY3liZXJjcmltaW5hbC1ncm91cC8iLCJyZWZlcnJlciQwJCIsImFuY2VzdG9yT3JpZ2lucyQwJGh0dHBzOi8vd3d3LnNjbWFnYXppbmUuY29tIiwidmlkZW8kMCQxNjAweDEyMDB4MjQiLCJmcmFtZSQwJDEiLCJoaWRkZW4kMCQwIiwidmlzaWJpbGl0eVN0YXRlJDAkdmlzaWJsZSIsImhhc0ZvY3VzJDAkMCIsIndpbmRvdyQwJDcyOHg5MCIsImlubmVyJDAkNzI4eDkwIiwib3V0ZXIkMCQxNjAweDEyMDAiLCJsb2NhbFN0b3JhZ2UkMCRFcnJvcjogVHlwZUVycm9yOiBDYW5ub3QgcmVhZCBwcm9wZXJ0eSAnc2V0SXRlbScgb2YgbnVsbCIsInNlc3Npb25TdG9yYWdlJDAkMSIsImFwcENvZGVOYW1lJDEkTW96aWxsYSIsImFwcE5hbWUkMSROZXRzY2FwZSIsImFwcFZlcnNpb24kMSQ1LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTNfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzY3LjAuMzM5Ni44NyBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQxJHRydWUiLCJkb05vdFRyYWNrJDEkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQxJDgiLCJsYW5ndWFnZSQxJGVuLVVTIiwicGxhdGZvcm0kMSRMaW51eCB4ODZfNjQiLCJwcm9kdWN0JDEkR2Vja28iLCJwcm9kdWN0U3ViJDEkMjAwMzAxMDciLCJzZW5kQmVhY29uJDEkMSIsInVzZXJBZ2VudCQxJE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzEzXzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82Ny4wLjMzOTYuODcgU2FmYXJpLzUzNy4zNiIsInZlbmRvciQxJEdvb2dsZSBJbmMuIiwidmVuZG9yU3ViJDEkIiwiZm9udHJlbmRlciQyJDEiLCJ3ZWJnbCQyJG4vYSIsInRpbWUkMiQxNTQ3NTU4NzEzNjExIiwidGltZXpvbmUkMiQwIiwicGx1Z2lucyQyJE5vbmUiLCJtZW0tdG90YWxKU0hlYXBTaXplJDIkMzAuNTMzMDQiLCJtZW0tdXNlZEpTSGVhcFNpemUkMiQyMy45ODI1MzYiLCJtZW0tanNIZWFwU2l6ZUxpbWl0JDIkMjIxNy44NTc5ODgiLCJ0aW1lLXJlc3BvbnNlRW5kJDIkMTgiLCJ0aW1lLWRvbUxvYWRpbmckMiQxOCIsInRpbWUtZG9tSW50ZXJhY3RpdmUkMiQxOSIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50U3RhcnQkMiQxOSIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50RW5kJDIkMTkiLCJ0aW1lLWRvbUNvbXBsZXRlJDIkMTkiLCJ0aW1lLWxvYWRFdmVudFN0YXJ0JDIkMTkiLCJ0aW1lLWxvYWRFdmVudEVuZCQyJDE5IiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDMkMCIsIm5hdmlnYXRpb24tdHlwZSQzJG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDYkMC4zIiwiZ2xvYmFscyQ3JGYzNGVmZDk5IiwiZG9jdW1lbnQtdGltZSQxMCQwLjUiLCJkb2N1bWVudCQxMCQ0MDNkYjVjNiIsImNvbm5lY3Rpb24kMTEkIiwiZG93bmxpbmtNYXgkMTEkIiwiZ2V0VXNlck1lZGlhJDExJDIiLCJjbG9jayQxNSQ0ODEyIiwiaW50ZXJzZWN0aW9uLXNpemUkMTkkMTU4NXgxMjAwIiwiYmF0dGVyeSQxOSQxIDEgMCBJbmZpbml0eSIsImFkYmxvY2skMjAkMCIsImF1ZGlvY29udGV4dCQyNiQ5NmUxNGJlZiIsInNvcnQkNTAkMTMiLCJmcmFtZXJhdGUkMTE5JDgw HTTP 302
https://api-34-222-245-10.b2c.com:444/api/4?H6nTraLOzwaiUdWw

165 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/ 81 KB
23 KB 500ms
215ms Document
text/html 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: dceac02701ae266bf45b0e4e00e1071874ac32c75c241a8b64224c879e6783aa

Request headers

:method: GET
:authority: www.scmagazine.com
:scheme: https
:path: /home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: nginx
date: Tue, 15 Jan 2019 13:25:12 GMT
content-type: text/html; charset=UTF-8
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/" <https://www.scmagazine.com/?p=91903>; rel=shortlink
wpe-backend: apache
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
vary: Accept-Encoding,Cookie,X-WPENGINE-SEGMENT
x-cache: HIT: 1
x-pass-why
x-cache-group: normal
x-type: default
x-wpengine-segment: NONHT
content-encoding: gzip

GET
H2 200 style.css
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/gutenberg/build/block-library/ 25 KB
5 KB 58ms
8ms Stylesheet
text/css 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=1547479432
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 7d0277bee65c500f7f77ac5c79d8d0bec16a6d62927046f9e074f1ca03a950ff

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:52 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca988-6254"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: public, max-age=2592000

GET
H2 200 shared-style.min.css
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/ 48 KB
8 KB 71ms
21ms Stylesheet
text/css 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/shared-style.min.css?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 6cdf96f1971da4e18b082c7ef4566487a61af2d63808502aa8a2928e978c7cff

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-be3d"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: public, max-age=2592000

GET
H2 200 style.min.css
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/ 232 KB
40 KB 64ms
14ms Stylesheet
text/css 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 5d4379d07fb5c604e26d20550736e80690d1dce29fa7a6ba53ea2116c9ac3686

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-3a035"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: public, max-age=2592000

GET
H2 200 css
fonts.googleapis.com/ 3 KB
567 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

9e01cd9d5c99f2550fff5002f1b7fcc1402aa88b84f471214b032a7cde0f42b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 15 Jan 2019 13:25:12 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 15 Jan 2019 13:25:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 css
fonts.googleapis.com/ 825 B
409 B 26ms
24ms Stylesheet
text/css 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Bree+Serif&ver=0.1.1

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

d81693e5223b90ea36864037425e93f89fd2a25286e7b92a2a743c10afc0ea8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 15 Jan 2019 13:25:12 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 15 Jan 2019 13:25:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 jquery.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/jquery/ 95 KB
39 KB 73ms
23ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 23 May 2016 09:00:29 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5742c6ad-17ba0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 jquery-migrate.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/jquery/ 10 KB
4 KB 80ms
31ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"573eaa90-2748"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 cookie.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/mu-plugins/cookie-controller/js/ 2 KB
1 KB 79ms
30ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/mu-plugins/cookie-controller/js/cookie.min.js?ver=1.2
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/backed
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Tue, 04 Dec 2018 13:53:05 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c0686c1-834"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 UtilityMove-custom.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/ 2 KB
1 KB 74ms
25ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-751"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 polyfill.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/js/frontend/ 102 KB
39 KB 76ms
27ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/js/frontend/polyfill.min.js?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-19873"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 28 KB
10 KB 66ms
40ms Script
text/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2a1050d2c64f0de25ac5c27595aefe9114d0bf5adba85fea917e8db9d3397bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "52 / 822 of 1000 / last-modified: 1547284255"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 9742
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 ads.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/ 8 KB
4 KB 78ms
30ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/ads.min.js?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 9c0dcfa50d9dda31a3c0e3ec9124719b7e8b633a5772734a304ab31cc9ee1012

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-21f9"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 cropped-logo_sc.png
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/uploads/sites/4/2018/10/ 6 KB
7 KB 23ms
23ms Image
image/png 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/uploads/sites/4/2018/10/cropped-logo_sc.png
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 85275cd1867120d7ef0933ca546bdb9517396ed706b40683c247c55ae0ef4a02

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
last-modified: Mon, 01 Oct 2018 13:46:31 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: "5bb22537-19b2"
vary: Accept-Encoding
x-cache: HIT
content-type: image/png
status: 200
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 6578

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 119 KB
35 KB 19ms
17ms Script
application/javascript 2a00:1450:4001:81f::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

70c5d6d2e460ea57a37f4f9cdfb8569808e4ec404384c6a4c61903494af4fac0

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 35350
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.scmagazine.com/wp-includes/js/ 12 KB
5 KB 112ms
110ms Script
application/x-javascript 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.9
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=4.9.9
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Fri, 13 Jul 2018 06:37:26 GMT
server: nginx
status: 200
etag: W/"5b4848a6-2efa"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000

GET
H2 200 usransomware_1212404-5-150x150.jpg
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/uploads/sites/4/2018/07/ 8 KB
9 KB 11ms
9ms Image
image/jpeg 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/uploads/sites/4/2018/07/usransomware_1212404-5-150x150.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: f26d8b636354c0bf3b056e56137765098fa5b4fa8363ec0364265b6740fc726d

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
last-modified: Tue, 04 Sep 2018 19:13:00 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: "5b8ed93c-21b5"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
status: 200
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 8629

GET
H2 200 2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js Show response
content.maropost.com/uploads/1325/websites/1/ 3 KB
3 KB 56ms
12ms Script
text/plain 2600:9000:20bb:fe00:1b:fadc:b780:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.maropost.com/uploads/1325/websites/1/2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js?ver=1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:fe00:1b:fadc:b780:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 13 Dec 2018 22:36:55 GMT
via: 1.1 c485b2484179f34bcbf59c066cc32b54.cloudfront.net (CloudFront)
last-modified: Thu, 13 Dec 2018 20:46:06 GMT
server: AmazonS3
age: 3823
etag: "33bca5680760348835deea8e5dcbdb62"
x-cache: Hit from cloudfront
status: 200
accept-ranges: bytes
content-length: 2565
x-amz-cf-id: aA0UjfyoRI0epeWzkUEXXekxi6Zc87m5koPumCakC_nOu2PVVyegvQ==

GET
H2 200 comment_count.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
706 B 12ms
12ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Tue, 04 Dec 2018 13:53:05 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c0686c1-379"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 blocks.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/ 7 KB
3 KB 8ms
7ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/blocks.min.js?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 0012086c8c7df7412311b891151120a65eed7b17f3087d74a7759ea4a04e1048

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-1b05"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H/1.1 200
OK hmi-registration-ui.manifest.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 798 B
1 KB 401ms
109ms Script
application/javascript 52.216.163.165
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.manifest.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.163.165 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d90939dba16916ae487a09245dfb95ea74654b16d67d90e2621e3ac0be0cef0

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Last-Modified: Mon, 15 Oct 2018 20:26:50 GMT
Server: AmazonS3
x-amz-request-id: 2D43D4CDD3798D85
ETag: "4676462bfbf5747529591ea2816a9e0c"
Content-Type: application/javascript
Content-Length: 798
Accept-Ranges: bytes
x-amz-version-id: aa1qYVgW8eodFc4jYFkqbEDjCFwr8xhk
x-amz-id-2: xhh7g7LFlJ5O8qW3bJ1Du4HRkooeidSMYhjBFERSZ6vwsjbcs1H6cOlCVjgxf50ixUXgNQ+d8s8=

GET
H/1.1 200
OK hmi-registration-ui.vendor.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 337 KB
337 KB 410ms
111ms Script
application/javascript 52.216.163.165
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.vendor.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.163.165 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8bae7cef80b02cbd43ee0dabd82eb220e8c73a346ba1bb08d054cfbe28e6169c

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Last-Modified: Mon, 15 Oct 2018 20:26:50 GMT
Server: AmazonS3
x-amz-request-id: F1AA39A7A3E5491E
ETag: "940f06529a231889290ff03414b910f4"
Content-Type: application/javascript
Content-Length: 345126
Accept-Ranges: bytes
x-amz-version-id: jWIaOb1W5tS9A2HbgRg6Sw_DvU.LyJ5O
x-amz-id-2: iKtN1Kon1oIuascd7fOtIirrstPiwhSDHdD/8xnDbBoSqenvYM8y/Nb4WxJgWxd2TksJHZjIeIc=

GET
H/1.1 200
OK hmi-registration-ui.bundle.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 229 KB
230 KB 487ms
168ms Script
application/javascript 52.216.163.165
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.bundle.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.163.165 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 81e0f70e395a7cec7727337abaa67573acf708bd7ee8ebb8600abfd186b4ffdb

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Last-Modified: Mon, 15 Oct 2018 20:26:50 GMT
Server: AmazonS3
x-amz-request-id: F08ADB9210398AF2
ETag: "68a903ebb59146d13403e4d0d3680c8c"
Content-Type: application/javascript
Content-Length: 234716
Accept-Ranges: bytes
x-amz-version-id: Ar8AinYoKtFMReHv_.76RVycj2A8DiiV
x-amz-id-2: vZjF85GXNwvIKeI5uLHjHlhJj2IQ1nqEPN9YR8ZNBIHhNxbfvvCQcQDjA6NMs7i7KimORisIAWY=

GET
H2 200 frontend.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/ 130 KB
41 KB 10ms
9ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 81206a2b6d6df9c3e82f9a0d8521582d84506a8a58b665135b177773829de18e

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-20667"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 iab.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/ 8 KB
2 KB 9ms
7ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: e38c283cf693ccc86f81942e7cae20849f0cfd639bfd5e7362677d91e8f0d4b5

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c3ca989-1ecd"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 comment_embed.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
772 B 10ms
8ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=4.9.9
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Tue, 04 Dec 2018 13:53:05 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c0686c1-47e"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 wp-embed.min.js Show response
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/ 1 KB
1017 B 10ms
9ms Script
application/x-javascript 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/wp-embed.min.js?ver=4.9.9
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Fri, 31 Aug 2018 06:29:28 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5b88e048-57b"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: public, max-age=2592000

GET
H2 200 src.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/ 22 KB
8 KB 113ms
112ms Other
image/svg+xml 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1547479433
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 23cb9fdd7a714263e5315f0053df60afb2b597f399d64497d4123d211686ef3d

Request headers

:path: /wp-content/themes/haymarket/assets/svg/src.svg?ver=1547479433
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 15:23:53 GMT
server: nginx
status: 200
etag: W/"5c3ca989-5929"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=2592000

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
490 B 51ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:809::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
490 B 44ms
16ms Script
application/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_287.js Show response
securepubads.g.doubleclick.net/gpt/ 184 KB
63 KB 91ms
42ms Script
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

9f45ff23beda15b136534fc1bfa236b26cc727e444b026815dedcb0f9e8ac9e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Jan 2019 18:15:14 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 64202
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:817::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin: https://www.scmagazine.com

Response headers

date: Thu, 20 Dec 2018 22:02:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:23:20 GMT
server: sffe
age: 2215388
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13944
x-xss-protection: 1; mode=block
expires: Fri, 20 Dec 2019 22:02:04 GMT

GET
H2 200 chevron-right-white.svg
3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src/ 190 B
416 B 8ms
7ms Image
image/svg+xml 94.31.29.64
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src/chevron-right-white.svg
Requested by: Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1547479433
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 8e0da2e2d764c1a202d33dd39287784df8ac6bc20c7401ea14f2d62001292856

Request headers

Referer: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1547479433
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
last-modified: Tue, 04 Dec 2018 13:53:05 GMT
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"5c0686c1-be"
vary: Accept-Encoding
x-cache: HIT
content-type: image/svg+xml
status: 200
cache-control: public, max-age=2592000

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1547479433

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:817::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a3b3c4f67bf2b44294215e2be76f12794e6b142edec201e199c93c38739f2bfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin: https://www.scmagazine.com

Response headers

date: Thu, 03 Jan 2019 03:31:30 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:24:00 GMT
server: sffe
age: 1072422
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14076
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2020 03:31:30 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:817::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

155ef7601d4af029d8b6f3efa4ed4984748ea0a36c85f038f129ffdc6fb83b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin: https://www.scmagazine.com

Response headers

date: Fri, 21 Dec 2018 05:54:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:23:01 GMT
server: sffe
age: 2187013
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14824
x-xss-protection: 1; mode=block
expires: Sat, 21 Dec 2019 05:54:59 GMT

GET
H/1.1 200
OK count.js Show response
scmagazineus.disqus.com/ 1 KB
1 KB 343ms
260ms Script
application/javascript 151.101.120.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://scmagazineus.disqus.com/count.js

Requested by

Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.120.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 711691
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 04 Jan 2019 21:31:02 GMT
Server: nginx
ETag: "5c2fd096-367"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=86400
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H2 200 lio.js Show response
c.lytics.io/api/tag/8514ca3b54284ee6e75983f95ff7262a/ 44 KB
11 KB 186ms
131ms Script
application/javascript 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/tag/8514ca3b54284ee6e75983f95ff7262a/lio.js
Requested by: Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1547479433
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29524d2058638455c86eeb2e1e99102f41a9b80aea82e8399d9827600242b825

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
via: 1.1 google
cf-cache-status: EXPIRED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
content-encoding: br
cache-control: public, max-age=14400
cf-ray: 4998aac0ea2bbed0-FRA
expires: Tue, 15 Jan 2019 17:25:12 GMT

GET
H2 200 sso Show response
www.scmagazine.com/wp-json/haymarket/v1/ 22 B
324 B 467ms
467ms XHR
application/json 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-json/haymarket/v1/sso

Requested by

Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1547479433

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-202-3-162.compute-1.amazonaws.com

Software

nginx /

Resource Hash

645eb3a415d000eb6c932bc1042338ade68efb205783184c59aeca8bfb2da121

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-json/haymarket/v1/sso
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: nocachepath
date: Tue, 15 Jan 2019 13:25:12 GMT
x-content-type-options: nosniff
wpe-backend: apache
server: nginx
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/"
allow: GET
content-type: application/json; charset=UTF-8
status: 200
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
x-robots-tag: noindex
access-control-allow-headers: Authorization, Content-Type
content-length: 22

GET
H/1.1 200
OK embed.js Show response
scmagazineus.disqus.com/ 65 KB
22 KB 87ms
20ms Script
application/javascript 151.101.120.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://scmagazineus.disqus.com/embed.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.120.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

8a6aa1464d7bb329d2f5d5baf8f6dc279d5c67d893cfaba76729508ecfa72dd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:12 GMT
Content-Encoding: gzip
Server: openresty
Age: 24
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21774

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 2166
date: Tue, 15 Jan 2019 12:49:06 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17404
expires: Tue, 15 Jan 2019 14:49:06 GMT

GET
H/1.1 200
OK 7341.js Show response
dnn506yrbagrg.cloudfront.net/pages/scripts/0034/ 84 KB
27 KB 366ms
365ms Script
application/x-javascript 13.35.254.31
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dnn506yrbagrg.cloudfront.net/pages/scripts/0034/7341.js?429877
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.31 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-31.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e8b24bdfb79346b70c79e4e3243ac780ea3f48af2f234f4b14b8b6e30aed9fff

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Jan 2019 22:14:44 GMT
Server: AmazonS3
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b9.cloudfront.net (CloudFront)
Cache-Control: max-age=180
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: 4lWj36jJ_9JtVIwLg8SUl8RB-_0XLNJ6fUxtYnj6WbF7ES5u875pGQ==

GET
H2 200 init-131xlxqjsfx7lh82dpc.js Show response
api.b2c.com/api/ 12 KB
5 KB 539ms
192ms Script
text/javascript 2600:1f14:cc5:8001:d778:4025:9131:ad36
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8001:d778:4025:9131:ad36 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: df797579f863fc54e861f7d8783b486daa5caba25162a593c4c1ee4e1acd0704

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 15 KB
5 KB 49ms
7ms Script
application/x-javascript 2a02:26f0:eb:3b3::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:eb:3b3::25ea , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:12 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=9325
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 35 KB
14 KB 55ms
9ms Script
application/x-javascript 2600:9000:20bb:ee00:18:1fcd:348:2461
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:ee00:18:1fcd:348:2461 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: ca5327697815bc7ac6c0073c5b4fbf2f260954bd1a9d5d48d13d5839e918c4bb

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:05:02 GMT
content-encoding: gzip
last-modified: Fri, 11 Jan 2019 03:58:12 GMT
server: nginx
age: 1210
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
x-amz-cf-id: jOc_T8VaJplhigMGDSBWjJFxS-rGkGSHivLMWgSrefgTQOIPgDzlYQ==
via: 1.1 df874ca0e51df630ccc49eab9f1f7fb3.cloudfront.net (CloudFront)
expires: Wed, 16 Jan 2019 13:05:02 GMT

GET
H/1.1

200
OK

nspix
action.media6degrees.com/orbserv/
Redirect Chain

https://action.dstillery.com/orbserv/nspix?adv=cl1024098&ns=2939&nc=CA_Technologies_SC_Readers&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
https://action.media6degrees.com/orbserv/nspix?adv=cl1024098&ns=2939&nc=CA_Technologies_SC_Readers&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]

43 B
308 B

373ms
90ms

Image
image/gif

38.126.130.202
Media6degrees

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://action.media6degrees.com/orbserv/nspix?adv=cl1024098&ns=2939&nc=CA_Technologies_SC_Readers&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.126.130.202 , United States, ASN1422 (MEDIA6-ASN - Media6degrees, US),
Reverse DNS: action-s.pipelane.net
Software: Apache-Coyote/1.1 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Jan 2019 13:25:12 GMT
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43

Redirect headers

Access-Control-Allow-Origin: *
Date: Tue, 15 Jan 2019 13:25:12 GMT
Server: Apache/2.4.6 (CentOS)
Connection: close
Content-Length: 359
Location: https://action.media6degrees.com/orbserv/nspix?adv=cl1024098&ns=2939&nc=CA_Technologies_SC_Readers&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

nspix
action.media6degrees.com/orbserv/
Redirect Chain

https://action.dstillery.com/orbserv/nspix?adv=cl1023384&ns=2890&nc=ForcePoint_SC_Readers_Extended_Network&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
https://action.media6degrees.com/orbserv/nspix?adv=cl1023384&ns=2890&nc=ForcePoint_SC_Readers_Extended_Network&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]

43 B
308 B

373ms
91ms

Image
image/gif

38.126.130.202
Media6degrees

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://action.media6degrees.com/orbserv/nspix?adv=cl1023384&ns=2890&nc=ForcePoint_SC_Readers_Extended_Network&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.126.130.202 , United States, ASN1422 (MEDIA6-ASN - Media6degrees, US),
Reverse DNS: action-s.pipelane.net
Software: Apache-Coyote/1.1 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Jan 2019 13:25:12 GMT
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43

Redirect headers

Access-Control-Allow-Origin: *
Date: Tue, 15 Jan 2019 13:25:12 GMT
Server: Apache/2.4.6 (CentOS)
Connection: close
Content-Length: 371
Location: https://action.media6degrees.com/orbserv/nspix?adv=cl1023384&ns=2890&nc=ForcePoint_SC_Readers_Extended_Network&ncv=50&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 35 KB
14 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TCMLVLP&t=gtm1&cid=623046801.1547558713

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

618954b39db10214b7e3576f5543f7753c38ee2616cb1f066a82c1ec4987212f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 14132
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 504 B
853 B 55ms
55ms XHR
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

583c894c386a9c85976586b2c40928cbd09eb9ef1fb30412165a8d56b7bf901e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 331
x-xss-protection: 1; mode=block
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_287.js Show response
securepubads.g.doubleclick.net/gpt/ 58 KB
22 KB 47ms
47ms Script
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

676d159347cd59711604943ecf8c34d3bfb43351bc67b4d2e163f8aac82c5c71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Jan 2019 18:15:14 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 22211
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:12 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:816::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:816::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 510 B
500 B 55ms
54ms XHR
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

4beca5d8f74bb60f6e51daeab83dfc6cb26f21018f719e0f9a181dda64924849

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 337
x-xss-protection: 1; mode=block
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 335ms
109ms Image
image/gif 34.193.242.172
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=scmagazine.com&p=%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&u=CtC_rfCLeJyCD0_vXV&d=scmagazine.com&g=56851&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=2773&o=1585&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=953&t=ZBNvNDXlAfGC-B1jiRgwbwgCiGT&V=111&i=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group%20%7C%20SC%20&tz=0&sn=1&sv=gjkABCJqc5b4JdY8B4om9-DrIXum&sd=1&im=067b2fff&_
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.242.172 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-193-242-172.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Tue, 15 Jan 2019 13:25:12 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
content-length: 43
content-type: image/gif

GET
H2 200 lounge.d49f53e192b9080ef8880a7c9b24f1c3.css
c.disquscdn.com/next/embed/styles/ 102 KB
19 KB 52ms
50ms Stylesheet
text/css 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.d49f53e192b9080ef8880a7c9b24f1c3.css

Requested by

Host: scmagazineus.disqus.com
URL: https://scmagazineus.disqus.com/embed.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8d842dc045c65986e7b50952261d47b62cab35c5829700e90d1965ec11692e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4998aac1f93ec2bf-FRA
status: 200
vary: Accept-Encoding
content-length: 19425
x-xss-protection: 1; mode=block
last-modified: Fri, 26 Oct 2018 00:31:19 GMT
server: cloudflare
cache-control: max-age=31536000, public, immutable, no-transform
etag: "5bd26057-4be1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
fastly-debug-digest: eb1006ce43d6cade1496acb1e51569c1d94dd6f363a0a4e497669b5cee0f6289
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2019 18:02:22 GMT

GET
H2 200 common.bundle.81998d48c30a90f1e372f73e226bece4.js Show response
c.disquscdn.com/next/embed/ 243 KB
81 KB 47ms
45ms Script
application/javascript 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.81998d48c30a90f1e372f73e226bece4.js

Requested by

Host: scmagazineus.disqus.com
URL: https://scmagazineus.disqus.com/embed.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

37cbec7848d20e4767cc5b65fa8a3a9f41a1bdf2ecaa98983d0c6263567aef3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4998aac1f942c2bf-FRA
status: 200
vary: Accept-Encoding
content-length: 82947
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Jan 2019 20:03:43 GMT
server: cloudflare
cache-control: max-age=31536000, public, immutable, no-transform
etag: "5c36539f-14403"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
fastly-debug-digest: 040e22fccfcedb74fc49b120f27e71468cb2bd891c3eaa02ec4d589e263fceea
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2020 21:09:27 GMT

GET
H2 200 lounge.bundle.eb7b5137116db258599fe20d5d9253f6.js Show response
c.disquscdn.com/next/embed/ 381 KB
99 KB 45ms
43ms Script
application/javascript 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.eb7b5137116db258599fe20d5d9253f6.js

Requested by

Host: scmagazineus.disqus.com
URL: https://scmagazineus.disqus.com/embed.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

029cfeb079d4a5b7d45c622cd3f0bae1355c553d051f924fa587d61393e1fa7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4998aac1f943c2bf-FRA
status: 200
vary: Accept-Encoding
content-length: 100823
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Jan 2019 20:03:43 GMT
server: cloudflare
cache-control: max-age=31536000, public, immutable, no-transform
etag: "5c36539f-189d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
fastly-debug-digest: 3e64890d09532f7f347aff2834bb7d0c3ad5afac614f368fb2d077a735063b4d
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2020 21:09:27 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ 6 KB
3 KB 8ms
7ms Script
application/javascript 151.101.64.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: scmagazineus.disqus.com
URL: https://scmagazineus.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

d0d19f68352c82b2784c1b9c602aa713294ae6c7b2aa11dc2f8c7557be989882

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 54
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Length: 2624
X-XSS-Protection: 1; mode=block
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin: *

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=138247600&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_gid=1968946447.1547558713&gjid=269044710&_v=j72&z=2048006006
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_v=j72&z=2048006006
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_v=j72&z=2048006006&slf_rd=1&random=195996872

42 B
109 B

19ms
18ms

Image
image/gif

2a00:1450:4001:824::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_v=j72&z=2048006006&slf_rd=1&random=195996872

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:12 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=623046801.1547558713&jid=85174195&_v=j72&z=2048006006&slf_rd=1&random=195996872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
102 B 6ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j72&a=138247600&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&ul=en-us&de=UTF-8&dt=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group%20%7C%20SC%20Media&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Depth&ea=%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&el=25%25&ev=25&_u=aGDAAAADQ~&jid=&gjid=&cid=623046801.1547558713&tid=UA-1290429-10&_gid=1968946447.1547558713&gtm=2wgbc0W475TQW&z=998027671

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Jan 2019 04:33:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1068724
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 io.min.js Show response
c.lytics.io/static/v2/ 13 KB
6 KB 13ms
13ms Script
application/javascript 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/static/v2/io.min.js
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/8514ca3b54284ee6e75983f95ff7262a/lio.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2435070f04e40c2666a729a016c60355b2025c969c3b7857489b7c8b2755bc2

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:12 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 14 Jan 2019 18:04:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
content-encoding: br
cache-control: public, max-age=14400
cf-ray: 4998aac20b3fbed0-FRA
expires: Tue, 15 Jan 2019 17:25:12 GMT

GET
H2 200 8 Show response
c.lytics.io/cid/ 77 B
330 B 124ms
123ms Script
text/javascript 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/cid/8?callback=jQuery112406929572797590546_1547558712269&_=1547558712270
Requested by: Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27478e2382adda2fb92f85d1b3b379e059b0d4df213c2c19842627f70b34a63a

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:12 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: text/javascript
status: 200
content-encoding: br
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac23b72bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires: 0

GET
H2 200 61738d628ea6913c4f8bd59a49e57964
api.lytics.io/api/me/iframe/8514ca3b54284ee6e75983f95ff7262a/_uid/ Frame F6A1 0
0 168ms
136ms Document
text/html 35.227.192.113
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://api.lytics.io/api/me/iframe/8514ca3b54284ee6e75983f95ff7262a/_uid/61738d628ea6913c4f8bd59a49e57964?segments=true&mergestate=true&ts=1547558712804
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/8514ca3b54284ee6e75983f95ff7262a/lio.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.227.192.113 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 113.192.227.35.bc.googleusercontent.com
Software: lytics.io 5dba88f816 /
Resource Hash

Request headers

:method: GET
:authority: api.lytics.io
:scheme: https
:path: /api/me/iframe/8514ca3b54284ee6e75983f95ff7262a/_uid/61738d628ea6913c4f8bd59a49e57964?segments=true&mergestate=true&ts=1547558712804
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
accept-encoding: gzip, deflate, br
cookie: __cfduid=df3cb70132fd6e94a35ac81503bbcfa6b1547558712; seerid=61738d628ea6913c4f8bd59a49e57964
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Response headers

status: 200
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie, *
access-control-allow-methods: GET
access-control-allow-origin
content-encoding: gzip
content-type: text/html
server: lytics.io 5dba88f816
date: Tue, 15 Jan 2019 13:25:12 GMT
content-length: 294
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK ad.gif
api-34-222-245-10.b2c.com/api/ 43 B
233 B 517ms
166ms Image
image/gif 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-34-222-245-10.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 pathfora.min.js Show response
c.lytics.io/static/ 97 KB
20 KB 15ms
13ms Script
application/javascript 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/static/pathfora.min.js
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/8514ca3b54284ee6e75983f95ff7262a/lio.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e2b97bb47969c8f40fcd444f6bcc5de371ddb2572e508bc2f8c8b02d8e17f1f

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 14 Jan 2019 18:04:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
content-encoding: br
cache-control: public, max-age=14400
cf-ray: 4998aac52f41bed0-FRA
expires: Tue, 15 Jan 2019 17:25:13 GMT

GET
H2 200 8514ca3b54284ee6e75983f95ff7262a
c.lytics.io/c/ 35 B
93 B 134ms
130ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a?login=false&publicationId=76&channel=home&email=&user_id=&pagetype=post&tags=cybercrime%2Cmalware%2Cransomware&categories=cybercrime%2Cnews%2Cransomware&userstate=&pagename=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group&author=Bradley%20Barth&cpn=&userspecialty=&userprofession=&section=home%3Anews%3Aryuk%20ransomware%20linked%20to%20emotet%20and%20trickbot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group&_ts=1547558713126&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_e=pv&_sesstart=1&_tz=0&_ul=en-US&_sz=1600x1200&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f42bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 8514ca3b54284ee6e75983f95ff7262a
c.lytics.io/c/ 35 B
93 B 141ms
138ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a?_ts=1547558713127&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f43bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
104 B 118ms
114ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?gtm.start=1547558712175&event=gtm.js&gtm.uniqueEventId=0&_ts=1547558713127&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f44bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 119ms
115ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.AdBlocking=&_ts=1547558713127&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f47bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 121ms
117ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.ArticleId=91903%3A0&_ts=1547558713127&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f48bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 118ms
114ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.ArticleType=News&_ts=1547558713127&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f49bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 121ms
117ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.LoggedIn=false&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f4abed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 119ms
116ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.Login=false&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f4bbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 123ms
120ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.MetaData=&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f4dbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 121ms
117ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.NHTFlag=false&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f4ebed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 133ms
130ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Type=post&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f4fbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 122ms
118ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.ScrollDepth=&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f51bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 161ms
158ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.cmeActivityId=&_ts=1547558713128&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f52bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 126ms
123ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.PrintSource=&_ts=1547558713129&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f53bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 122ms
118ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.SEOScore=85&_ts=1547558713129&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f54bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 130ms
127ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Site.Prefix=omn&_ts=1547558713129&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f55bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 131ms
128ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.SocSSN=&_ts=1547558713130&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f56bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 120ms
117ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.SSO=0&_ts=1547558713131&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f58bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 132ms
130ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.SubscriberId=&_ts=1547558713131&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f59bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 133ms
130ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Site.PublicationId=76&_ts=1547558713131&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f5abed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 183ms
180ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.Author=Bradley%20Barth&_ts=1547558713131&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f5cbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
101 B 145ms
142ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.Profession=&_ts=1547558713131&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f5dbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
94 B 150ms
148ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.Specialty=&_ts=1547558713131&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f5ebed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 122ms
120ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.SubProfession=&_ts=1547558713132&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f60bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 130ms
128ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.SubSpecialty=&_ts=1547558713132&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f61bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 128ms
126ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.JobTitle=&_ts=1547558713132&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f62bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 122ms
119ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Novo.PremiumMonograph=&_ts=1547558713132&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f63bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 129ms
127ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Novo.Geolocation=&_ts=1547558713132&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f64bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 128ms
127ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.CampaignCodes=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f65bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 139ms
137ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.Country=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f66bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 122ms
121ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Activity.Name=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f68bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 132ms
131ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.GenericEvents=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f69bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 138ms
136ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?eComm.CurrencyCode=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f6abed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 138ms
137ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?eComm.OrderId=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f6cbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 148ms
147ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Drug.CompanyName=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f6dbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 120ms
119ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Novo.IsPremiumMonograph=false&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac52f6ebed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 120ms
117ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.GatingType=post%3Anone&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f6fbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
101 B 136ms
133ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.Company=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f75bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
232 B 151ms
148ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.Discipline=&_ts=1547558713133&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f80bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 125ms
122ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.Asset=&_ts=1547558713134&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f84bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 133ms
130ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.PublishDate=01%2F12%2F2019&_ts=1547558713134&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f87bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
94 B 138ms
135ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.Curation=false&_ts=1547558713134&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f8bbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 180ms
177ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Article.WordCount=536&_ts=1547558713135&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f8dbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 129ms
126ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.Company=&_ts=1547558713135&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f91bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
118 B 152ms
149ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?User.CompanySize=&_ts=1547558713135&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f94bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 137ms
135ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?MyCME.CreditType=&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f97bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 125ms
123ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?MyCME.ActivityResult=&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f99bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 159ms
156ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.NumberofAdCalls=11&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f9cbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
95 B 145ms
143ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?eComm.ProductsInCart=&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53f9ebed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
94 B 138ms
136ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Section1=home&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa1bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 163ms
161ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Section2=home%3Anews&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa4bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 143ms
142ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Section3=home%3Anews%3Aryuk%20ransomware%20linked%20to%20emotet%20and%20trickbot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group&_ts=1547558713136&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa5bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 140ms
138ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Section4=&_ts=1547558713137&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa6bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
166 B 138ms
136ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Tags=cybercrime%2Cmalware%2Cransomware&_ts=1547558713137&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa7bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
104 B 153ms
151ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?Page.Categories=cybercrime%2Cnews%2Cransomware&_ts=1547558713137&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa8bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
94 B 133ms
132ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?event=gtm.scrollDepth&gtm.scrollThreshold=25&gtm.scrollUnits=percent&gtm.scrollDirection=vertical&gtm.triggers=6005747_23&gtm.uniqueEventId=11&_ts=1547558713137&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fa9bed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 default
c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/ 35 B
93 B 124ms
123ms Image
image/gif 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/8514ca3b54284ee6e75983f95ff7262a/default?gtm.start=1547558712531&event=gtm.js&gtm.uniqueEventId=13&_ts=1547558713137&_nmob=t&_device=desktop&url=www.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&_uid=61738d628ea6913c4f8bd59a49e57964&_getid=t&_v=2.0.0&_ca=jstag1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cf-ray: 4998aac53fabbed0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
content-length: 35
expires: 0

GET
H2 200 61738d628ea6913c4f8bd59a49e57964 Show response
api.lytics.io/api/content/recommend/user/id/ 55 KB
7 KB 354ms
324ms XHR
application/json 35.227.192.113
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://api.lytics.io/api/content/recommend/user/id/61738d628ea6913c4f8bd59a49e57964?limit=30&contentsegment=scm_collection&shuffle=true&access_token=IAhBxtCrW01Bq4bdFtG5Ggxx
Requested by: Host: 3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1547479433
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.227.192.113 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 113.192.227.35.bc.googleusercontent.com
Software: lytics.io 5dba88f816 /
Resource Hash: c46ad118afecb7452e8d8b7865f8d9e49f620d5a5727fafcee58fc0c70a18fc6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
server: lytics.io 5dba88f816
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie, *
status: 200
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://www.scmagazine.com
alt-svc: clear
via: 1.1 google

GET
H2 200 pathfora.min.css
c.lytics.io/static/ 20 KB
3 KB 13ms
12ms Stylesheet
text/css 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/static/pathfora.min.css
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/static/pathfora.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58aa5964d6f5dc68b2180e943ea63b6031c0ba83e44d9815e724b10f2f615f9f

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 14 Jan 2019 18:04:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
status: 200
content-encoding: br
cache-control: public, max-age=14400
cf-ray: 4998aac54fcdbed0-FRA
expires: Tue, 15 Jan 2019 17:25:13 GMT

GET
H2 200 config.js Show response
c.lytics.io/api/program/campaign/config/8514ca3b54284ee6e75983f95ff7262a/ 376 B
337 B 133ms
132ms Script
application/javascript 2606:4700:20::6819:5465
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/program/campaign/config/8514ca3b54284ee6e75983f95ff7262a/config.js
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/8514ca3b54284ee6e75983f95ff7262a/lio.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:20::6819:5465 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4967d03fb66f41ab7a7bef6265dbc532e549d91805ff654f1656bc790b6dcff2

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
via: 1.1 google
cf-cache-status: EXPIRED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
content-encoding: br
cache-control: public, max-age=14400
cf-ray: 4998aac54fcebed0-FRA
expires: Tue, 15 Jan 2019 17:25:13 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 68ms
68ms XHR
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3048478949280397&correlator=2081669853327582&output=json_html&callback=googletag.impl.pubads.callbackProxy3&impl=fif&adsid=NT&eid=21062288%2C21062722&vrg=287&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=1&sfv=1-0-31&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fleaderboard_top&sz=728x90%7C970x250&scp=pos%3Dleaderboard_top&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D91903%26env%3Dlive%26sid%3Dcybercrime%252Csecurity-news%252Cransomware%26search%3Dfalse%26log%3D0%26styleid%3D%26cat%3Dcybercrime%252Cmalware%252Cransomware%26browser%3DChrome%252067%26LyticsSegments%3Dmodule_115_022818_priority_2_sc_paid_subscription%252Cce_no_usa%252Call%252Csmt_new%252Cly_reporting_has_visited_web%252Cly_reporting_multi_session_visitor%252Cly_reporting_last_visit_within_day%252Cly_reporting_last_visit_within_week%252Cly_reporting_last_visit_within_month%252Cly_reporting_last_visit_within_3_months%252Cly_unknown_email%252Cly_repeat_visitor%252Cly_uses_desktop%252Cce_unknown_1000plus%252Csc_module_063017_priority_3_sc_reboot_17_industry_innovators%252Csc_module_21_073117_priority_2_817_thycotic%252Csc_module_081717_priority_3_surviving_ransomware_28%252Csc_module_090717_priority_2_surviving_ransomware_41%252Csc_module_56_092717_priority_3_threat_management_eb%252Csc_module_74_103017_priority_2_threat_management_eb%252Csc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86&cookie=ID%3D2f734c0458b0610a%3AT%3D1547558712%3AS%3DALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg&cookie_enabled=1&bc=15&abxe=1&lmt=1547558713&dt=1547558713216&dlt=1547558712168&idt=371&frm=20&biw=1585&bih=1200&oid=3&adx=429&ady=186&adk=3023180299&uci=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&dssz=60&icsg=2379411881984&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x106&msz=1200x90&blev=1&bisch=1&psts=CgA%2CCgA&ga_vid=623046801.1547558713&ga_sid=1547558713&ga_hid=138247600&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

1942d9d4880e9e87dd84247a8857cfcd631fc69f8584090c99a4d1b510cf9f0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4660
x-xss-protection: 1; mode=block
google-lineitem-id: 4915233295
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138256660766
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shif...
https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shif...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1547558713221%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity...
https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shif...

0
70 B

181ms
181ms

Script
application/javascript

2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: kJsJZHMIehXgxIy5EisAAA==

Redirect headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-edc2
content-length: 20
x-li-uuid: eNd4XXMIehUAVZH9wCoAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1547558713221&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

302
Moved Temporarily

4 Show response
api-34-222-245-10.b2c.com/api/
Redirect Chain

https://api-34-222-245-10.b2c.com/api/x?684heTeBhPjYyTIg$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3J5dWstcmFuc29td2FyZS1saW5rZWQtdG8tZW1vdGV0LWFuZC10cmlja2JvdC10cm9qYW5z...
https://api-34-222-245-10.b2c.com:444/api/4?684heTeBhPjYyTIg

0
-1 B

507ms
172ms

XHR
text/html

2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-34-222-245-10.b2c.com:444/api/4?684heTeBhPjYyTIg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Server: openresty
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-34-222-245-10.b2c.com:444/api/4?684heTeBhPjYyTIg
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 158

Redirect headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Server: openresty
Location: https://api-34-222-245-10.b2c.com:444/api/4?684heTeBhPjYyTIg
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 158

GET
H2 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20190109/r20110914/client/ext/ Frame 2E83 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20190109/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

4dd51e6b250e15946ca0af835e0511093c82c5678115aac3055645d889a1681a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 10 Jan 2019 00:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 477839
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1049
x-xss-protection: 1; mode=block
server: cafe
etag: 9573447915536422037
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jan 2019 00:41:14 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2E83 76 KB
28 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1a27c48c49702fde31c2a55ebcf03e9da120e054143d2c0c0f575fd680c42f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Jan 2019 19:00:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 28537
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:13 GMT

GET
H2 200 init-140r6opg3f7b3b5fypx.js Show response
api.b2c.com/api/ Frame 2E83 13 KB
5 KB 187ms
186ms Script
text/javascript 2600:1f14:cc5:8001:d778:4025:9131:ad36
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-140r6opg3f7b3b5fypx.js?AdUnitID_TopLevel=71217025&AdUnitID=71217025&AdvertiserID=4676328209&OrderID=2463597745&LineItemID=4915233295&CreativeID=138256660766&sid=cybercrime,security-news,ransomware
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8001:d778:4025:9131:ad36 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: 81169b3a2e761e5ac9498a4b56609aac39022a1550fcc3b1c777f5057b67f236

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H2 200 8770988340430022479
tpc.googlesyndication.com/simgad/ Frame 2E83 168 KB
169 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:816::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8770988340430022479

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

457a978034f1b1804a1340239406bf2733586b3609ad22bfe0618fb623700f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 14 Jan 2019 16:11:19 GMT
x-content-type-options: nosniff
age: 76434
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 172408
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Jan 2019 16:54:35 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Jan 2020 16:11:19 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f8fa26adefe57f1f86b8255b34c316d6cc264419555efdf6311136af9b2a6e1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Jan 2019 19:00:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 27220
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:13 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 10 KB
5 KB 65ms
62ms XHR
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3048478949280397&correlator=2081669853327582&output=json_html&callback=googletag.impl.pubads.callbackProxy4&impl=fif&adsid=NT&eid=21062288%2C21062722&vrg=287&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=1&sfv=1-0-31&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fleaderboard_bottom&sz=728x90%7C970x250&scp=pos%3Dleaderboard_bottom%26lid%3D4915233295&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D91903%26env%3Dlive%26sid%3Dcybercrime%252Csecurity-news%252Cransomware%26search%3Dfalse%26log%3D0%26styleid%3D%26cat%3Dcybercrime%252Cmalware%252Cransomware%26browser%3DChrome%252067%26LyticsSegments%3Dmodule_115_022818_priority_2_sc_paid_subscription%252Cce_no_usa%252Call%252Csmt_new%252Cly_reporting_has_visited_web%252Cly_reporting_multi_session_visitor%252Cly_reporting_last_visit_within_day%252Cly_reporting_last_visit_within_week%252Cly_reporting_last_visit_within_month%252Cly_reporting_last_visit_within_3_months%252Cly_unknown_email%252Cly_repeat_visitor%252Cly_uses_desktop%252Cce_unknown_1000plus%252Csc_module_063017_priority_3_sc_reboot_17_industry_innovators%252Csc_module_21_073117_priority_2_817_thycotic%252Csc_module_081717_priority_3_surviving_ransomware_28%252Csc_module_090717_priority_2_surviving_ransomware_41%252Csc_module_56_092717_priority_3_threat_management_eb%252Csc_module_74_103017_priority_2_threat_management_eb%252Csc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86&cookie=ID%3D2f734c0458b0610a%3AT%3D1547558712%3AS%3DALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg&cookie_enabled=1&bc=15&abxe=1&lmt=1547558713&dt=1547558713348&dlt=1547558712168&idt=371&frm=20&biw=1585&bih=1200&oid=3&adx=429&ady=2552&adk=3264981569&uci=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&dssz=61&icsg=9517647527936&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2366&msz=1585x122&blev=1&bisch=1&psts=CgA%2CCgA%2CChoIj4TipxLoAZ7y9IWDBIACsbmAD4ACgd_6IQ&ga_vid=623046801.1547558713&ga_sid=1547558713&ga_hid=138247600&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

f965b742a78d61118c556d86f2455b7b004e9e976d8316d74621772cd64047c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 4658
x-xss-protection: 1; mode=block
google-lineitem-id: 133590745
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138256821730
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2E83 0
63 B 36ms
35ms Image
image/gif 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuQxckXFn7UU23mufwx1lLDu2QVO-sUVyCYbgcdPqDjCSp5Ut8fLQBdTlCGX2WfVs7DmczAvxtz11uIU6WmAjCac1SL-G5dL8Npv6Octz0jexfiUlPn5_K1hPqTMBtUWu8-QLE2a4aZlAihsDZ5HwhVdzO65qOlxSV6djg3iBGY06kj-owrNcxmPlJ0AWj3QlYb6nu6s0ga-fhC_T8DTFECQyL0aQ5JM-6IvLF53oNjdTXyMRhgd7CFm5KJ0c5To747NPt7tyJFsCx-qgqPZklk3tSXU-ySKW7fa5WgEUb4n3rXi-aF&sai=AMfl-YTdftUTKkoOUggDazjin1Y6oXoPgDdcSHgOLrvoPOwUliVG945JMKCaKB0SWNqhTR5Y1KHaTYYKYpxiw3XMUC17rV7h9d1XmZG1mkZYDGSopBLrh-0pfmeFwG0&sig=Cg0ArKJSzN5qsa10Gq1hEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame 2E83 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e58afe9df351a807c6ec998884af42ca814def734427d307ceab0e6cdc79341c

Request headers

Response headers

Content-Type: image/png

GET
H2 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20190109/r20110914/client/ext/ Frame 9A56 2 KB
0 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20190109/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

4dd51e6b250e15946ca0af835e0511093c82c5678115aac3055645d889a1681a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Thu, 10 Jan 2019 00:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 477839
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1049
x-xss-protection: 1; mode=block
server: cafe
etag: 9573447915536422037
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jan 2019 00:41:14 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A56 76 KB
0 40ms
39ms Script
text/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1a27c48c49702fde31c2a55ebcf03e9da120e054143d2c0c0f575fd680c42f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Jan 2019 19:00:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 28537
x-xss-protection: 1; mode=block
expires: Tue, 15 Jan 2019 13:25:13 GMT

GET
H2 200 init-140r6opg3f7b3b5fypx.js Show response
api.b2c.com/api/ Frame 9A56 13 KB
5 KB 167ms
166ms Script
text/javascript 2600:1f14:cc5:8001:d778:4025:9131:ad36
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-140r6opg3f7b3b5fypx.js?AdUnitID_TopLevel=71217025&AdUnitID=71217025&AdvertiserID=29195785&OrderID=415620985&LineItemID=133590745&CreativeID=138256821730&sid=cybercrime,security-news,ransomware
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8001:d778:4025:9131:ad36 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: 8fa2547713295126552c98b376c703091e0d7549ddd9ac5a6546abf4b3e83109

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
DATA 200
OK truncated
/ Frame 9A56 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 524a8a1bdf0e44291b4234a7083ae7079f80f48a228df6dbc82638e43463a07c

Request headers

Response headers

Content-Type: image/png

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 343 B
291 B 56ms
55ms XHR
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3048478949280397&correlator=2081669853327582&output=json_html&callback=googletag.impl.pubads.callbackProxy5&impl=fif&adsid=NT&eid=21062288%2C21062722&vrg=287&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=1&sfv=1-0-31&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fbox_1&sz=300x250%7C300x600&scp=pos%3Dbox_1%26lid%3D4915233295%2C133590745&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D91903%26env%3Dlive%26sid%3Dcybercrime%252Csecurity-news%252Cransomware%26search%3Dfalse%26log%3D0%26styleid%3D%26cat%3Dcybercrime%252Cmalware%252Cransomware%26browser%3DChrome%252067%26LyticsSegments%3Dmodule_115_022818_priority_2_sc_paid_subscription%252Cce_no_usa%252Call%252Csmt_new%252Cly_reporting_has_visited_web%252Cly_reporting_multi_session_visitor%252Cly_reporting_last_visit_within_day%252Cly_reporting_last_visit_within_week%252Cly_reporting_last_visit_within_month%252Cly_reporting_last_visit_within_3_months%252Cly_unknown_email%252Cly_repeat_visitor%252Cly_uses_desktop%252Cce_unknown_1000plus%252Csc_module_063017_priority_3_sc_reboot_17_industry_innovators%252Csc_module_21_073117_priority_2_817_thycotic%252Csc_module_081717_priority_3_surviving_ransomware_28%252Csc_module_090717_priority_2_surviving_ransomware_41%252Csc_module_56_092717_priority_3_threat_management_eb%252Csc_module_74_103017_priority_2_threat_management_eb%252Csc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86&cookie=ID%3D2f734c0458b0610a%3AT%3D1547558712%3AS%3DALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg&cookie_enabled=1&bc=15&abxe=1&lmt=1547558713&dt=1547558713444&dlt=1547558712168&idt=371&frm=20&biw=1585&bih=1200&oid=3&adx=1053&ady=351&adk=1773908012&uci=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&dssz=61&icsg=9517647527936&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&blev=1&bisch=1&psts=CgA%2CCgA%2CChoIj4TipxLoAZ7y9IWDBIACsbmAD4ACgd_6IQ%2CChkI2d3ZP-gB4tv-hYMEgAKxuYAPgAKB3_oh&ga_vid=623046801.1547558713&ga_sid=1547558713&ga_hid=138247600&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

04a7850157941b110e720964c02030920733295264ccdf93648c5fd306c8dcef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 213
x-xss-protection: 1; mode=block
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9A56 0
56 B 32ms
31ms Image
image/gif 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst3txoak2MwhVlDXvstR9VqxOJYB7RT1n8IYViSH6ymPvnYEuxY3abAAtGEHQtndGiohItVdy3z7fspD8Q9w_GDXvCfKkQjNuvVVbbcArbdgGnYpxwFH8_4CwtUwFtDqxbTfHFEDFBDD20ELZV3z4VhPWQfp9V4VJOeYLFoy2hYt7m9rUbcuNVoe076zn4zkpF3BdAX3OfXouJoT1cge17q10DNoQ2tsKm9Vjsrsddr5AfgaiHRksVW6oYysgSIZx3t5HepX_Lbogpf__BFarbGGxHFCxkdkKIFi49N9PVGq5O-ZsUWBnM&sai=AMfl-YTjA67j39nVR3wSvi22WQA5SF_aEyTw4RXaSahrwNS4yJzu03H6IADaJpTzu9aelVH2ewzotQx-X2_A1I9QaB3ogRA-N3PWL8lxAmT6GwL2FslANYTHvk2_wNw&sig=Cg0ArKJSzObLHE1mN-iOEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 14189485905223631304
tpc.googlesyndication.com/simgad/ Frame 9A56 54 KB
54 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:816::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14189485905223631304

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

cb3445eead1ab541f2fbf45af06a994422f6229db2f98c2e55c8f63893a8ce0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 09 Jan 2019 17:06:55 GMT
x-content-type-options: nosniff
age: 505098
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 55495
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Jan 2019 14:27:35 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Jan 2020 17:06:55 GMT

GET
H2 200 0408-retail-intro_14671.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/07/ 611 KB
612 KB 120ms
120ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/07/0408-retail-intro_14671.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f2e39668a20d08f09afdc26d253f407b640ef7456a89cfd163015066d871fcc8

Request headers

:path: /wp-content/uploads/sites/4/2018/07/0408-retail-intro_14671.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Thu, 05 Jul 2018 20:43:11 GMT
server: nginx
status: 200
etag: "5b3e82df-98aa3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 625315

GET
H2 200 cc0008254_693831.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/07/ 123 KB
123 KB 228ms
225ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/07/cc0008254_693831.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41a1b87a4754b4b1ac551edf5c52c6f4b67fac2bb2f06fbe9000b4355eb20a90

Request headers

:path: /wp-content/uploads/sites/4/2018/07/cc0008254_693831.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Thu, 05 Jul 2018 19:26:31 GMT
server: nginx
status: 200
etag: "5b3e70e7-1eabf"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 125631

GET
H2 200 proton_1173310-4.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/07/ 59 KB
59 KB 228ms
225ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/07/proton_1173310-4.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e9eaa1ac6e385429ed20b09dea1850ab75ea2a5f0a6362909f618b8518bc69d3

Request headers

:path: /wp-content/uploads/sites/4/2018/07/proton_1173310-4.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 27 Jul 2018 17:03:39 GMT
server: nginx
status: 200
etag: "5b5b506b-eb58"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 60248

GET
H/1.1 200
OK posmalwarefocus_610822.jpg
media.scmagazine.com/images/2014/06/12/ 27 KB
27 KB 118ms
9ms Image
image/jpeg 13.35.253.54
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.scmagazine.com/images/2014/06/12/posmalwarefocus_610822.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.54 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-54.fra6.r.cloudfront.net
Software: Microsoft-IIS/8.5 /
Resource Hash: 49f6f01a4b5aea242d8f065d5a44a4830ce243e6d524be83648eda2c33d51ade

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: media.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 19 Oct 2018 21:18:03 GMT
Via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
Last-Modified: Fri, 11 Dec 2015 22:45:16 GMT
Server: Microsoft-IIS/8.5
Age: 7574799
ETag: "026919a6534d11:0"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
ImageFrom: New-Image
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27433
X-Amz-Cf-Id: rFOHCsKYR1z96Wkm13CIcOJsgBinfrPVR-pWtvcvqPot3OL3YG-HKA==

GET
H2 200 malware6_987491-1.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ 24 KB
24 KB 228ms
225ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/08/malware6_987491-1.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 0f8b03d35fc5ee74af8ba968c5fd34d6d78013fb0db5c711399afaeaa9f721e2

Request headers

:path: /wp-content/uploads/sites/4/2018/08/malware6_987491-1.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 31 Aug 2018 15:25:40 GMT
server: nginx
status: 200
etag: "5b895df4-6074"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 24692

GET
H2 200 Opinion_AmeeshDivatia.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/09/ 183 KB
183 KB 228ms
225ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/09/Opinion_AmeeshDivatia.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a0d0d32837df8b4ba50d59bf9c20607112af7f902ba6fd720ae74d4140404029

Request headers

:path: /wp-content/uploads/sites/4/2018/09/Opinion_AmeeshDivatia.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 14 Sep 2018 18:19:39 GMT
server: nginx
status: 200
etag: "5b9bfbbb-2da6d"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 186989

GET
H2 200 animoto_1476026.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ 329 KB
329 KB 227ms
225ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/08/animoto_1476026.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 78a7541a618ae2bbe02a58a72e47f378955ae4d0405bcf0dc9f83edd3061c3d4

Request headers

:path: /wp-content/uploads/sites/4/2018/08/animoto_1476026.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 31 Aug 2018 15:31:32 GMT
server: nginx
status: 200
etag: "5b895f54-52201"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 336385

GET
H2 200 puush1_751914-9.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/07/ 112 KB
112 KB 332ms
330ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/07/puush1_751914-9.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5defe440039097d869dcc438d41487a045c28b9695c9220caa16a2e7009902fb

Request headers

:path: /wp-content/uploads/sites/4/2018/07/puush1_751914-9.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 06 Jul 2018 08:11:23 GMT
server: nginx
status: 200
etag: "5b3f242b-1beff"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 114431

GET
H2 200 ransomware2_1308382-1.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ 144 KB
144 KB 339ms
336ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ransomware2_1308382-1.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 32ca65dd304efa5241cd5eefcc2ed9be6f897a390934a232bcfffcbf0f108c02

Request headers

:path: /wp-content/uploads/sites/4/2018/08/ransomware2_1308382-1.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 31 Aug 2018 15:08:42 GMT
server: nginx
status: 200
etag: "5b8959fa-24009"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 147465

GET
H2 200 ncl1_627752.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ 29 KB
29 KB 339ms
337ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ncl1_627752.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8b17271b24dbc011a0f5bfb480253ce3d67bf71f259f624b4b29f72447ad02aa

Request headers

:path: /wp-content/uploads/sites/4/2018/08/ncl1_627752.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 31 Aug 2018 15:10:13 GMT
server: nginx
status: 200
etag: "5b895a55-7312"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 29458

GET
H2 200 cybercrimeblotter_1108396.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/08/ 93 KB
94 KB 672ms
671ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/08/cybercrimeblotter_1108396.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ef6fad5303e620508ee489959ce949918889f9e36f93e5b2f914638ff20419ce

Request headers

:path: /wp-content/uploads/sites/4/2018/08/cybercrimeblotter_1108396.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 31 Aug 2018 15:24:17 GMT
server: nginx
status: 200
etag: "5b895da1-175c9"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 95689

GET
H2 200 airportbusinessman_1010607.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/07/ 26 KB
26 KB 678ms
676ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/07/airportbusinessman_1010607.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 308acef75f679c459f3c62bef1325e0e9d6ed90cfb5cfd6f14b1b6441b98348b

Request headers

:path: /wp-content/uploads/sites/4/2018/07/airportbusinessman_1010607.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 06 Jul 2018 04:39:02 GMT
server: nginx
status: 200
etag: "5b3ef266-672e"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 26414

GET
H2 200 413pxandroidupdatescreen_846374-11.jpg
www.scmagazine.com/wp-content/uploads/sites/4/2018/07/ 20 KB
20 KB 679ms
678ms Image
image/jpeg 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/07/413pxandroidupdatescreen_846374-11.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 323b5839559581754a7eec71a8041919b64b1edad7f5c8b81a87499a37f15080

Request headers

:path: /wp-content/uploads/sites/4/2018/07/413pxandroidupdatescreen_846374-11.jpg
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 06 Jul 2018 04:30:56 GMT
server: nginx
status: 200
etag: "5b3ef080-4f1b"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 20251

GET
H2 200 stu1-1.png
www.scmagazine.com/wp-content/uploads/sites/4/2018/10/ 33 KB
33 KB 681ms
680ms Image
image/png 52.202.3.162
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/4/2018/10/stu1-1.png
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.202.3.162 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-3-162.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4400ba12fc49a86640974d46d2476c8ffc2ebff620b8b1d2cf72d49bc69bc6aa

Request headers

:path: /wp-content/uploads/sites/4/2018/10/stu1-1.png
pragma: no-cache
cookie: _ga=GA1.2.623046801.1547558713; _gid=GA1.2.1968946447.1547558713; _cb_ls=1; _cb=CtC_rfCLeJyCD0_vXV; _chartbeat2=.1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1; _cb_svref=null; _gat_UA-1290429-10=1; __gads=ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg; seerses=e; seerses=e; seerid=61738d628ea6913c4f8bd59a49e57964; seerid=61738d628ea6913c4f8bd59a49e57964; ly_segs=%7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D; PathforaPageView=1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.scmagazine.com
referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
:scheme: https
:method: GET
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type: static/known
date: Tue, 15 Jan 2019 13:25:13 GMT
last-modified: Fri, 05 Oct 2018 14:37:17 GMT
server: nginx
status: 200
etag: "5bb7771d-838d"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 33677

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 343 B
292 B 57ms
56ms XHR
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3048478949280397&correlator=2081669853327582&output=json_html&callback=googletag.impl.pubads.callbackProxy6&impl=fif&adsid=NT&eid=21062288%2C21062722&vrg=287&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=1&sfv=1-0-31&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fbox_2&sz=300x250%7C300x600&scp=pos%3Dbox_2%26lid%3D4915233295%2C133590745%2Cnull&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D91903%26env%3Dlive%26sid%3Dcybercrime%252Csecurity-news%252Cransomware%26search%3Dfalse%26log%3D0%26styleid%3D%26cat%3Dcybercrime%252Cmalware%252Cransomware%26browser%3DChrome%252067%26LyticsSegments%3Dmodule_115_022818_priority_2_sc_paid_subscription%252Cce_no_usa%252Call%252Csmt_new%252Cly_reporting_has_visited_web%252Cly_reporting_multi_session_visitor%252Cly_reporting_last_visit_within_day%252Cly_reporting_last_visit_within_week%252Cly_reporting_last_visit_within_month%252Cly_reporting_last_visit_within_3_months%252Cly_unknown_email%252Cly_repeat_visitor%252Cly_uses_desktop%252Cce_unknown_1000plus%252Csc_module_063017_priority_3_sc_reboot_17_industry_innovators%252Csc_module_21_073117_priority_2_817_thycotic%252Csc_module_081717_priority_3_surviving_ransomware_28%252Csc_module_090717_priority_2_surviving_ransomware_41%252Csc_module_56_092717_priority_3_threat_management_eb%252Csc_module_74_103017_priority_2_threat_management_eb%252Csc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86&cookie=ID%3D2f734c0458b0610a%3AT%3D1547558712%3AS%3DALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg&cookie_enabled=1&bc=15&abxe=1&lmt=1547558713&dt=1547558713519&dlt=1547558712168&idt=371&frm=20&biw=1585&bih=1200&oid=3&adx=1053&ady=416&adk=3910437336&uci=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&dssz=61&icsg=9517647527936&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&blev=1&bisch=1&psts=CgA%2CCgA%2CCgA%2CChoIj4TipxLoAZ7y9IWDBIACsbmAD4ACgd_6IQ%2CChkI2d3ZP-gB4tv-hYMEgAKxuYAPgAKB3_oh&ga_vid=623046801.1547558713&ga_sid=1547558713&ga_hid=138247600&fws=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

46fd342aa83241b7a64a3da1b466ba7696c90e5d0bcba4957f8493e315bac77b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com

Response headers

date: Tue, 15 Jan 2019 13:25:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 214
x-xss-protection: 1; mode=block
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ad.gif
api-52-12-92-209.b2c.com/api/ Frame 2E83 43 B
233 B 583ms
182ms Image
image/gif 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-52-12-92-209.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK ad.gif
api-34-222-245-10.b2c.com/api/ Frame 9A56 43 B
0 517ms
166ms Image
image/gif 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-34-222-245-10.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H/1.1 200
OK x
api-34-222-245-10.b2c.com/api/ 0
363 B 173ms
173ms Other
text/plain 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-34-222-245-10.b2c.com/api/x?684heTeBhPjYyTIg$YWRibG9jayQ1MzQkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Tue, 15 Jan 2019 13:25:13 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

GET
H/1.1

302
Moved Temporarily

4 Show response
api-52-12-92-209.b2c.com/api/ Frame 2E83
Redirect Chain

https://api-52-12-92-209.b2c.com/api/x?80pVQvgnfEYnSP4T$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3J5dWstcmFuc29td2FyZS1saW5rZWQtdG8tZW1vdGV0LWFuZC10cmlja2JvdC10cm9qYW5zL...
https://api-52-12-92-209.b2c.com:444/api/4?80pVQvgnfEYnSP4T

0
-1 B

562ms
185ms

XHR
text/html

2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-52-12-92-209.b2c.com:444/api/4?80pVQvgnfEYnSP4T
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:14 GMT
Server: openresty
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-52-12-92-209.b2c.com:444/api/4?80pVQvgnfEYnSP4T
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 158

Redirect headers

Date: Tue, 15 Jan 2019 13:25:14 GMT
Server: openresty
Location: https://api-52-12-92-209.b2c.com:444/api/4?80pVQvgnfEYnSP4T
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 158

GET 4
api-34-222-245-10.b2c.com/api/ 0
0

GET
H/1.1

302
Moved Temporarily

4 Show response
api-34-222-245-10.b2c.com/api/ Frame 9A56
Redirect Chain

https://api-34-222-245-10.b2c.com/api/x?H6nTraLOzwaiUdWw$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3J5dWstcmFuc29td2FyZS1saW5rZWQtdG8tZW1vdGV0LWFuZC10cmlja2JvdC10cm9qYW5z...
https://api-34-222-245-10.b2c.com:444/api/4?H6nTraLOzwaiUdWw

0
-1 B

169ms
169ms

XHR
text/html

2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-34-222-245-10.b2c.com:444/api/4?H6nTraLOzwaiUdWw
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Server: openresty
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-34-222-245-10.b2c.com:444/api/4?H6nTraLOzwaiUdWw
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 158

Redirect headers

Date: Tue, 15 Jan 2019 13:25:13 GMT
Server: openresty
Location: https://api-34-222-245-10.b2c.com:444/api/4?H6nTraLOzwaiUdWw
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 158

GET 4
api-34-222-245-10.b2c.com/api/ Frame 9A56 0
0

GET
H2 200 collect
www.google-analytics.com/ 35 B
102 B 6ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j72&a=138247600&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group%2F&ul=en-us&de=UTF-8&dt=Ryuk%20ransomware%20linked%20to%20Emotet%20and%20TrickBot%20trojans%3B%20suspicions%20shift%20to%20cybercriminal%20group%20%7C%20SC%20Media&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=lytics_refresh&ea=undefined&_u=6GDAAAADQ~&jid=&gjid=&cid=623046801.1547558713&tid=UA-1290429-10&_gid=1968946447.1547558713&gtm=2wgbc0W475TQW&cd20=all&cd21=&cd22=&cd23=&cd24=&cd25=&cd26=&cd27=&cd28=&cd29=&cd30=Normal%20(21%20segments%20found)&z=857264223

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Jan 2019 04:33:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1068726
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK x
api-52-12-92-209.b2c.com/api/ Frame 2E83 0
363 B 187ms
187ms Other
text/plain 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-52-12-92-209.b2c.com/api/x?80pVQvgnfEYnSP4T$YWRibG9jayQ2MDQkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Tue, 15 Jan 2019 13:25:14 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

GET 4
api-52-12-92-209.b2c.com/api/ Frame 2E83 0
0

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 2E83 42 B
115 B 26ms
26ms Image
image/gif 2a00:1450:4001:81e::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuoJoE9J6LIiYs4wYlHin4TqlxbnN6KbFIKa_NjWwp4SiuQZyysBKE1aKBcTM6LdZV9pC9klqDrQ-FPSNE2hA44wtxZOJYhv1iFSBQ&sig=Cg0ArKJSzDbzZtJCqU-BEAE&adk=3023180299&tt=280&bs=1585%2C1200&mtos=1043,1043,1043,1043,1043&tos=1043,0,0,0,0&p=186,429,276,1157&mcvt=1043&rs=3&ht=0&tfs=139&tls=1182&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1547558713338&rpt=110&isd=0&msd=0&lm=2&oseid=3&ps=1585%2C3122&ss=1600%2C1200&pt=903&deb=1-1-2-7-12-21-25-11&tvt=1165&r=v&id=osdim&uc=12&upc=1&tgt=DIV&cl=1&cec=6&clc=1&cac=0&cd=728x94&v=20190114

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/ryuk-ransomware-linked-to-emotet-and-trickbot-trojans-suspicions-shift-to-cybercriminal-group/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Jan 2019 13:25:14 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api-34-222-245-10.b2c.com
URL: https://api-34-222-245-10.b2c.com:444/api/4?684heTeBhPjYyTIg

Domain: api-34-222-245-10.b2c.com
URL: https://api-34-222-245-10.b2c.com:444/api/4?H6nTraLOzwaiUdWw

Domain: api-52-12-92-209.b2c.com
URL: https://api-52-12-92-209.b2c.com:444/api/4?80pVQvgnfEYnSP4T

Verdicts & Comments Add Verdict or Comment

131 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyResult Value: Normal (21 segments found)
www.scmagazine.com/	1970-01-18 21:52:40	Name: _cb_svref Value: null
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse08 Value:
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse06 Value:
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse07 Value:
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse04 Value:
.scmagazine.com/	1970-01-18 21:54:05	Name: _gid Value: GA1.2.1968946447.1547558713
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse02 Value:
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse01 Value: all
www.scmagazine.com/	1970-01-19 07:21:26	Name: _cb_ls Value: 1
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse03 Value:
www.scmagazine.com/	1970-01-19 06:38:14	Name: PathforaPageView Value: 1
.www.scmagazine.com/	1970-01-19 00:02:14	Name: seerid Value: 61738d628ea6913c4f8bd59a49e57964
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse09 Value:
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse10 Value:
.scmagazine.com/	1970-01-19 15:23:50	Name: __gads Value: ID=2f734c0458b0610a:T=1547558712:S=ALNI_MalXL92fhrYQxcuC5Sn1a1VXTJ4Bg
.www.scmagazine.com/	1970-01-18 21:52:40	Name: seerses Value: e
.scmagazine.com/	1970-01-18 21:52:40	Name: seerses Value: e
www.scmagazine.com/	1970-01-19 07:21:26	Name: _cb Value: CtC_rfCLeJyCD0_vXV
www.scmagazine.com/	1970-01-18 21:52:39	Name: ly_segs Value: %7B%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%3A%22sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86%22%2C%22sc_module_74_103017_priority_2_threat_management_eb%22%3A%22sc_module_74_103017_priority_2_threat_management_eb%22%2C%22sc_module_56_092717_priority_3_threat_management_eb%22%3A%22sc_module_56_092717_priority_3_threat_management_eb%22%2C%22sc_module_090717_priority_2_surviving_ransomware_41%22%3A%22sc_module_090717_priority_2_surviving_ransomware_41%22%2C%22sc_module_081717_priority_3_surviving_ransomware_28%22%3A%22sc_module_081717_priority_3_surviving_ransomware_28%22%2C%22sc_module_21_073117_priority_2_817_thycotic%22%3A%22sc_module_21_073117_priority_2_817_thycotic%22%2C%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%3A%22sc_module_063017_priority_3_sc_reboot_17_industry_innovators%22%2C%22ce_unknown_1000plus%22%3A%22ce_unknown_1000plus%22%2C%22ly_uses_desktop%22%3A%22ly_uses_desktop%22%2C%22ly_repeat_visitor%22%3A%22ly_repeat_visitor%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%2C%22ly_reporting_last_visit_within_3_months%22%3A%22ly_reporting_last_visit_within_3_months%22%2C%22ly_reporting_last_visit_within_month%22%3A%22ly_reporting_last_visit_within_month%22%2C%22ly_reporting_last_visit_within_week%22%3A%22ly_reporting_last_visit_within_week%22%2C%22ly_reporting_last_visit_within_day%22%3A%22ly_reporting_last_visit_within_day%22%2C%22ly_reporting_multi_session_visitor%22%3A%22ly_reporting_multi_session_visitor%22%2C%22ly_reporting_has_visited_web%22%3A%22ly_reporting_has_visited_web%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ce_no_usa%22%3A%22ce_no_usa%22%2C%22module_115_022818_priority_2_sc_paid_subscription%22%3A%22module_115_022818_priority_2_sc_paid_subscription%22%7D
www.scmagazine.com/	1970-01-19 07:21:26	Name: _chartbeat2 Value: .1547558712604.1547558712604.1.gjkABCJqc5b4JdY8B4om9-DrIXum.1
.scmagazine.com/	1969-12-31 23:59:59	Name: _lyParse05 Value:
.scmagazine.com/	1970-01-18 21:52:38	Name: _gat_UA-1290429-10 Value: 1
.scmagazine.com/	1970-01-19 00:02:14	Name: seerid Value: 61738d628ea6913c4f8bd59a49e57964
.scmagazine.com/	1970-01-19 15:23:50	Name: _ga Value: GA1.2.623046801.1547558713

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1547479433(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1547479433(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1547479433(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1547479433(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	(Line 6) Message: checkForCPNSegments(module_115_022818_priority_2_sc_paid_subscription)
console-api	log	(Line 6) Message: checkForCPNSegments(ce_no_usa)
console-api	log	(Line 8) Message: logit -all
console-api	log	(Line 6) Message: checkForCPNSegments(all)
console-api	log	(Line 6) Message: checkForCPNSegments(smt_new)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_reporting_has_visited_web)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_reporting_multi_session_visitor)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_reporting_last_visit_within_day)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_reporting_last_visit_within_week)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_reporting_last_visit_within_month)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_reporting_last_visit_within_3_months)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_unknown_email)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_repeat_visitor)
console-api	log	(Line 6) Message: checkForCPNSegments(ly_uses_desktop)
console-api	log	(Line 6) Message: checkForCPNSegments(ce_unknown_1000plus)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_063017_priority_3_sc_reboot_17_industry_innovators)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_21_073117_priority_2_817_thycotic)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_081717_priority_3_surviving_ransomware_28)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_090717_priority_2_surviving_ransomware_41)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_56_092717_priority_3_threat_management_eb)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_74_103017_priority_2_threat_management_eb)
console-api	log	(Line 6) Message: checkForCPNSegments(sc_module_112217_priority_3_sc_virtual_conference_siem_112217_121317_86)
console-api	log	(Line 5) Message: OK
console-api	log	URL: https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1547479433(Line 1) Message: [ABD] exiting test loop - value: false

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com
action.dstillery.com
action.media6degrees.com
adservice.google.com
adservice.google.de
api-34-222-245-10.b2c.com
api-52-12-92-209.b2c.com
api.b2c.com
api.lytics.io
c.disquscdn.com
c.lytics.io
content.maropost.com
disqus.com
dnn506yrbagrg.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
media.scmagazine.com
pagead2.googlesyndication.com
ping.chartbeat.net
px.ads.linkedin.com
s3.amazonaws.com
scmagazineus.disqus.com
securepubads.g.doubleclick.net
snap.licdn.com
static.chartbeat.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.scmagazine.com
api-34-222-245-10.b2c.com
api-52-12-92-209.b2c.com
13.35.253.54
13.35.254.31
151.101.120.134
151.101.64.134
204.2.197.202
216.58.206.2
2600:1f14:cc5:8000:a6d0:54b5:c6bb:25b6
2600:1f14:cc5:8001:d778:4025:9131:ad36
2600:1f14:cc5:8002:89f2:2f5b:cd6e:7e5d
2600:9000:20bb:ee00:18:1fcd:348:2461
2600:9000:20bb:fe00:1b:fadc:b780:93a1
2606:4700:20::6819:5465
2606:4700::6810:50a6
2620:109:c002::6cae:a0a
2a00:1450:4001:809::2002
2a00:1450:4001:816::2001
2a00:1450:4001:817::2003
2a00:1450:4001:81a::2002
2a00:1450:4001:81a::200e
2a00:1450:4001:81d::2004
2a00:1450:4001:81e::2002
2a00:1450:4001:81f::2008
2a00:1450:4001:821::200a
2a00:1450:4001:824::2003
2a00:1450:400c:c08::9d
2a02:26f0:eb:3b3::25ea
2a05:f500:10:101::b93f:9105
34.193.242.172
35.227.192.113
38.126.130.202
52.202.3.162
52.216.163.165
94.31.29.64
0012086c8c7df7412311b891151120a65eed7b17f3087d74a7759ea4a04e1048
029cfeb079d4a5b7d45c622cd3f0bae1355c553d051f924fa587d61393e1fa7b
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
04a7850157941b110e720964c02030920733295264ccdf93648c5fd306c8dcef
0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a
0f8b03d35fc5ee74af8ba968c5fd34d6d78013fb0db5c711399afaeaa9f721e2
155ef7601d4af029d8b6f3efa4ed4984748ea0a36c85f038f129ffdc6fb83b66
1942d9d4880e9e87dd84247a8857cfcd631fc69f8584090c99a4d1b510cf9f0b
1a27c48c49702fde31c2a55ebcf03e9da120e054143d2c0c0f575fd680c42f4f
1d90939dba16916ae487a09245dfb95ea74654b16d67d90e2621e3ac0be0cef0
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
23cb9fdd7a714263e5315f0053df60afb2b597f399d64497d4123d211686ef3d
27478e2382adda2fb92f85d1b3b379e059b0d4df213c2c19842627f70b34a63a
29524d2058638455c86eeb2e1e99102f41a9b80aea82e8399d9827600242b825
2a1050d2c64f0de25ac5c27595aefe9114d0bf5adba85fea917e8db9d3397bec
308acef75f679c459f3c62bef1325e0e9d6ed90cfb5cfd6f14b1b6441b98348b
323b5839559581754a7eec71a8041919b64b1edad7f5c8b81a87499a37f15080
32ca65dd304efa5241cd5eefcc2ed9be6f897a390934a232bcfffcbf0f108c02
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
37cbec7848d20e4767cc5b65fa8a3a9f41a1bdf2ecaa98983d0c6263567aef3a
41a1b87a4754b4b1ac551edf5c52c6f4b67fac2bb2f06fbe9000b4355eb20a90
4400ba12fc49a86640974d46d2476c8ffc2ebff620b8b1d2cf72d49bc69bc6aa
457a978034f1b1804a1340239406bf2733586b3609ad22bfe0618fb623700f25
46fd342aa83241b7a64a3da1b466ba7696c90e5d0bcba4957f8493e315bac77b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4967d03fb66f41ab7a7bef6265dbc532e549d91805ff654f1656bc790b6dcff2
49f6f01a4b5aea242d8f065d5a44a4830ce243e6d524be83648eda2c33d51ade
4beca5d8f74bb60f6e51daeab83dfc6cb26f21018f719e0f9a181dda64924849
4dd51e6b250e15946ca0af835e0511093c82c5678115aac3055645d889a1681a
524a8a1bdf0e44291b4234a7083ae7079f80f48a228df6dbc82638e43463a07c
52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d
583c894c386a9c85976586b2c40928cbd09eb9ef1fb30412165a8d56b7bf901e
58aa5964d6f5dc68b2180e943ea63b6031c0ba83e44d9815e724b10f2f615f9f
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a
5d4379d07fb5c604e26d20550736e80690d1dce29fa7a6ba53ea2116c9ac3686
5defe440039097d869dcc438d41487a045c28b9695c9220caa16a2e7009902fb
5e2b97bb47969c8f40fcd444f6bcc5de371ddb2572e508bc2f8c8b02d8e17f1f
618954b39db10214b7e3576f5543f7753c38ee2616cb1f066a82c1ec4987212f
645eb3a415d000eb6c932bc1042338ade68efb205783184c59aeca8bfb2da121
676d159347cd59711604943ecf8c34d3bfb43351bc67b4d2e163f8aac82c5c71
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cdf96f1971da4e18b082c7ef4566487a61af2d63808502aa8a2928e978c7cff
70c5d6d2e460ea57a37f4f9cdfb8569808e4ec404384c6a4c61903494af4fac0
78a7541a618ae2bbe02a58a72e47f378955ae4d0405bcf0dc9f83edd3061c3d4
7d0277bee65c500f7f77ac5c79d8d0bec16a6d62927046f9e074f1ca03a950ff
81169b3a2e761e5ac9498a4b56609aac39022a1550fcc3b1c777f5057b67f236
81206a2b6d6df9c3e82f9a0d8521582d84506a8a58b665135b177773829de18e
81e0f70e395a7cec7727337abaa67573acf708bd7ee8ebb8600abfd186b4ffdb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85275cd1867120d7ef0933ca546bdb9517396ed706b40683c247c55ae0ef4a02
8a6aa1464d7bb329d2f5d5baf8f6dc279d5c67d893cfaba76729508ecfa72dd9
8b17271b24dbc011a0f5bfb480253ce3d67bf71f259f624b4b29f72447ad02aa
8bae7cef80b02cbd43ee0dabd82eb220e8c73a346ba1bb08d054cfbe28e6169c
8e0da2e2d764c1a202d33dd39287784df8ac6bc20c7401ea14f2d62001292856
8fa2547713295126552c98b376c703091e0d7549ddd9ac5a6546abf4b3e83109
9c0dcfa50d9dda31a3c0e3ec9124719b7e8b633a5772734a304ab31cc9ee1012
9e01cd9d5c99f2550fff5002f1b7fcc1402aa88b84f471214b032a7cde0f42b2
9f45ff23beda15b136534fc1bfa236b26cc727e444b026815dedcb0f9e8ac9e4
a0d0d32837df8b4ba50d59bf9c20607112af7f902ba6fd720ae74d4140404029
a3b3c4f67bf2b44294215e2be76f12794e6b142edec201e199c93c38739f2bfc
a8d842dc045c65986e7b50952261d47b62cab35c5829700e90d1965ec11692e3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2435070f04e40c2666a729a016c60355b2025c969c3b7857489b7c8b2755bc2
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c46ad118afecb7452e8d8b7865f8d9e49f620d5a5727fafcee58fc0c70a18fc6
ca5327697815bc7ac6c0073c5b4fbf2f260954bd1a9d5d48d13d5839e918c4bb
cb3445eead1ab541f2fbf45af06a994422f6229db2f98c2e55c8f63893a8ce0a
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1
d0d19f68352c82b2784c1b9c602aa713294ae6c7b2aa11dc2f8c7557be989882
d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5
d81693e5223b90ea36864037425e93f89fd2a25286e7b92a2a743c10afc0ea8c
dceac02701ae266bf45b0e4e00e1071874ac32c75c241a8b64224c879e6783aa
df797579f863fc54e861f7d8783b486daa5caba25162a593c4c1ee4e1acd0704
e38c283cf693ccc86f81942e7cae20849f0cfd639bfd5e7362677d91e8f0d4b5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58afe9df351a807c6ec998884af42ca814def734427d307ceab0e6cdc79341c
e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5
e8b24bdfb79346b70c79e4e3243ac780ea3f48af2f234f4b14b8b6e30aed9fff
e9eaa1ac6e385429ed20b09dea1850ab75ea2a5f0a6362909f618b8518bc69d3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6fad5303e620508ee489959ce949918889f9e36f93e5b2f914638ff20419ce
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f26d8b636354c0bf3b056e56137765098fa5b4fa8363ec0364265b6740fc726d
f2e39668a20d08f09afdc26d253f407b640ef7456a89cfd163015066d871fcc8
f8fa26adefe57f1f86b8255b34c316d6cc264419555efdf6311136af9b2a6e1a
f965b742a78d61118c556d86f2455b7b004e9e976d8316d74621772cd64047c4
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

www.scmagazine.com Open in urlscan Pro 52.202.3.162 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

165 Requests

98 %HTTPS

64 %IPv6

24 Domains

34 Subdomains

30 IPs

4 Countries

3467 kBTransfer

5370 kBSize

25 Cookies

19 Outgoing links

Redirected requests

165 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.scmagazine.com Open in urlscan Pro
52.202.3.162 Public Scan

Screenshot
Live screenshot

Full Image

165
Requests

98 %
HTTPS

64 %
IPv6

24
Domains

34
Subdomains

30
IPs

4
Countries

3467 kB
Transfer

5370 kB
Size

25
Cookies

165 HTTP transactions
2 data transactions